We brought a branch location online awhile back via a site to site T1 and a couple of 1841s. Everything is running great, but a problem I'm having is that the branch location client's mac address is showing up in my firewall logs as the mac for the 1841 FastEthernet interface on the Headquarters side. I would like to be able to preserve the clients mac addresses so that they show up in the firewall logs correctly. Thanks for the help
mac-addresses are not preserved across L3 hops so unless your branch is connected to the HQ site with a L2 link which would also mean the 1841 routers on either side would have to be bridging the connection, then you won't be able to preserve the mac-address.
So when the packets arrive at HQ and are sent from the 1841 to your firewall the src mac-address will always be the 1841 fast ethernet interface. The src IP will obviously be the client.
This is normal TCP/IP behaviour.