
IPSEC VPN and connectivity issues.. OpenBSD 2.8 to Nortel Contivity



All,

I'm having a small issue with establishing a VPN between the above
mentioned devices. I have successfully got the tunnel established using
ISAKMPD, but the issue I have is this. When the tunnel is up, I cannot
connect directly to the OpenBSD box from my internal host (ie: it's
functioning as the VPN router, but not as a host).

Now, the network configuration is also slightly interesting.

Remote LAN is an internetwork 10/8 - it has been subnetted down a lot. The
remote Contivity is on 10.254.0.0/16, and there is another router on that
network to over 120 other networks (10.x.0.0/16).

Local LAN (to the OpenBSD box) is 10.200.1.0/29.

What I am doing is specifying 10/8 as the remote network, and
10.200.1.0/29 as the local. (In Checkpoint speak this is an overlapping
encryption domain.) Is this configuration supported?

In the diagram below, when the tunnel is open, I can communicate from
HostB to any host on the 10.x/16, 10.1/16 and 10.254/16 networks
(ie: anything behind the Contivity), but not with the OpenBSD box.

From HostA I can connect to, and ping the OpenBSD box. I cannot do this in
reverse. In fact, the OpenBSD box cannot connect to, or ping, any host on
any 10. network - it can only communicate with other hosts on the
Internet.

Can anyone see anything obvious?

Many thanks,

Michael.

Many Networks (10.x/16)
         |
       Router
     10.1.1.2
         |
 HostA (10.1.10.100)
         |
     10.1.1.1
       Router
    10.254.1.1
         |
   Net 10.254/16
         |
    10.254.1.2
     Contivity
         |
      Internet
         |
      OpenBSD
    10.200.1.1
         |
 Net 10.200.1.0/29
         |
 HostB (10.200.1.2)
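The following is an added illustration, not part of Michael's mail or of any reply on the list. It models the flow table the mail describes (local 10.200.1.0/29 to remote 10/8, both directions, ESP) and checks which of the traffic cases in the mail would be steered into the tunnel. The flow entries, the host and Internet addresses used as samples, and the "most specific flow wins" rule are all assumptions made for the example; the extra "bypass" entry is a hypothetical flow showing how a more specific entry can carve the local /29 out of the 10/8 encryption domain so that traffic between HostB and the OpenBSD box itself is no longer treated as tunnel traffic.

```python
import ipaddress

# Constructed flow table modelled on the mail's configuration (example only).
# Entries are (source network, destination network, action).
FLOWS = [
    ("10.200.1.0/29", "10.0.0.0/8", "esp"),  # local LAN -> everything in 10/8
    ("10.0.0.0/8", "10.200.1.0/29", "esp"),  # everything in 10/8 -> local LAN
]

# Hypothetical extra entry: keep traffic that stays inside the local /29 out of
# the tunnel. Whether this is the right fix for the poster's setup is not
# something the mail confirms; it only shows the effect of a more specific flow.
BYPASS_FLOWS = FLOWS + [
    ("10.200.1.0/29", "10.200.1.0/29", "bypass"),
]

# Addresses taken from the mail's diagram; the Internet address is constructed.
CASES = {
    "HostB -> HostA": ("10.200.1.2", "10.1.10.100"),
    "HostB -> OpenBSD": ("10.200.1.2", "10.200.1.1"),
    "OpenBSD -> HostB": ("10.200.1.1", "10.200.1.2"),
    "OpenBSD -> HostA": ("10.200.1.1", "10.1.10.100"),
    "OpenBSD -> Internet": ("10.200.1.1", "198.51.100.7"),
}


def lookup(flows, src, dst):
    """Return the action for a packet src->dst.

    Assumes the most specific matching flow (largest combined prefix length)
    wins, and that a packet matching no flow passes in the clear.
    """
    src_addr = ipaddress.ip_address(src)
    dst_addr = ipaddress.ip_address(dst)
    best = None  # (specificity, action)
    for src_net, dst_net, action in flows:
        s_net = ipaddress.ip_network(src_net)
        d_net = ipaddress.ip_network(dst_net)
        if src_addr in s_net and dst_addr in d_net:
            specificity = s_net.prefixlen + d_net.prefixlen
            if best is None or specificity > best[0]:
                best = (specificity, action)
    return best[1] if best else "pass"


def classify(flows):
    """Map every sample case in CASES to the action the given flow table yields."""
    return {name: lookup(flows, s, d) for name, (s, d) in CASES.items()}


if __name__ == "__main__":
    for label, table in (("10/8 flows only", FLOWS), ("with local bypass", BYPASS_FLOWS)):
        print(label)
        for name, action in classify(table).items():
            print(f"  {name:22s} {action}")
```

Under the plain 10/8 flows, a packet from HostB (10.200.1.2) to the OpenBSD box's own address (10.200.1.1) matches the local-to-10/8 flow, because 10.200.1.1 is inside 10/8, and is therefore classified as tunnel traffic rather than local delivery. With the more specific local/29-to-local/29 entry present, that packet is classified as bypass while HostB-to-HostA traffic still goes to ESP.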
