Firewall/NAT

I am attempting to setup a Cisco DMVPN solution. The Cisco Router sits behind the m0n0wall. I have setup a 1:1 NAT so that the Cisco Router has its own external IP address separate from the m0n0wall external IP address. For example I have from my ISP 75.1.1.0/29 wiht useable IP's 75.1.1.1 - 75.1.1.6. The m0n0wal is assigned 75.1.1.6 and I have setup 1:1 for 75.1.1.5 pointing to the cisco router on the LAN 192.168.1.21.

I have WAN rules to allow SSH traffic to 192.168.1.21 and I can access the Cisco router across the internet now. So the static NAT and rules are working as expected.

Now I want to use this Cisco Router as the DMVPN hub. To do this I need  to open UDP 500 , ESP (Ip protocol 50 ) and AH (IP protocol 51) if using AH.

Queston is how do I allow ESP and AH through the m0n0wall to the Cisco Router?

ESP and AH are protocols available in the protocol drop down list in a Firewall Rule.

DUH!

Brain cramp. Thanks for poitning in the right direction.