General Questions

I am trying to simulate some subnets with Active Directory sites.
My configuration:

Vmware ESX Desktop
win2003-1 (dhcp server) 192.168.1.160/24 gateway:192.168.1.180

VM Workstation Laptop
m0n0wall LAN: 10.10.10.1 WAN:192.168.1.180(dhcp client) Firewall rules LAN and WAN  * * * * *
win2003-2 10.10.10.2/24 gateway: 10.10.10.1

From win2003-2 I can ping 192.168.1.160, I can use RDP to wn2003-1, etc.
From win2003-1 I can only ping 192.168.1.180, I can not ping 10.10.10.2 or 10.10.10.1

I was able to join the domain with win2003-2 -> win2003-1. I could promote 2 as secundary domain controller, but have offcourse replication problems now because server win2003-1 could not reach win2003-2

I see only green arrows in the firewall log for WAN and LAN.

Please help. What am I doing wrong 

Have you disabled NAT?  From your description you are only needing to use Monowall as a router and do not require it's NAT capabilities which are switched on by default.  It would explain the behaviour that you describe.  You have outbound connectivity but not inbound.  To disable it, go to the NAT page and the Outboud tab.  Check the box to enable advanced NAT and this will remove all pre built NAT rules and will leave it as a router.  The only other thing to bear in mind is if you want internet connectivity, the next hop has to be in the WAN subnet, as Monowall's default gateway is only on the WAN interface.

Hope that makes sense.