I had ip route 0.0.0.0 0.0.0.0 dialer0 so it should have routed
everything there anyhow.
In the end I gave up and put the old m0n0 along side the Cisco as I
really needed to get things going ASAP, with a static route on the Cisco
to send all traffic destined for 192.168.1.0/24 to the m0n0's LAN
This works, but it would be nice to have a single device.
> -----Original Message-----
> From: krt [mailto:kkrrtt at gmail dot com]
> Sent: Saturday, 14 April 2007 10:55 a.m.
> To: m0n0wall; Scott Pettit
> Subject: Re: [m0n0wall] Cisco 857 and m0n0wall IPSec
> Guessing the problem:
> The Kumeu side needs to route the packets for 192.168.1.0/24 out the
> interface that your crypto map is applied to, i.e. Dialer0:
> ip route 192.168.1.0 255.255.255.0 dialer0
> Nit picking:
> The encryption domains don't need to be like that - they only apply
> outbound traffic. In other words:
> ip access-list extended ALBANY-VPN
> permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
> deny ip any any
> "permit <protocol> <local network> <remote network>"
> The mtu on Dialer0 should be around 1420