I had ip route 0.0.0.0 0.0.0.0 dialer0 so it should have routed everything there anyhow.

In the end I gave up and put the old m0n0 alongside the Cisco as I really needed to get things going ASAP, with a static route on the Cisco to send all traffic destined for 192.168.1.0/24 to the m0n0's LAN interface instead. This works, but it would be nice to have a single device.

-Scott

> -----Original Message-----
> From: krt [mailto:kkrrtt at gmail dot com]
> Sent: Saturday, 14 April 2007 10:55 a.m.
> To: m0n0wall; Scott Pettit
> Subject: Re: [m0n0wall] Cisco 857 and m0n0wall IPSec
>
> Guessing the problem:
>
> The Kumeu side needs to route the packets for 192.168.1.0/24 out the
> interface that your crypto map is applied to, i.e. Dialer0:
>
> ip route 192.168.1.0 255.255.255.0 dialer0
>
>
> Nit picking:
>
> The encryption domains don't need to be like that - they only apply for
> outbound traffic. In other words:
>
> ip access-list extended ALBANY-VPN
> permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
> deny ip any any
>
> basically:
>
> "permit <protocol> <local network> <remote network>"
>
> Awareness:
>
> The mtu on Dialer0 should be around 1420