IPsec problems

["Eric P. McCoy" <ctr2sprt_(_at_)_cox_(_dot_)_net>]

OK, I am trying to do a simple enough IPsec setup: I want to join two 
private-address networks over the Internet.  Both networks are protected 
by a NAT firewall.  My side is an OpenBSD box; the other side is a Cisco 
PIX (or something, not clear on the details).

After much reading we were able to get everything configured correctly, 
or so we thought.  My problem is a very simple one: the packets destined 
for the foreign LAN are getting sent out into the Internet at large and 
eventually discarded, instead of being sent along the IPsec tunnel. 
Obviously I need to set up some sort of route, but nothing says what or 
how (or, for that matter, why isakmpd doesn't do it for me - all the 
docs seem to suggest that it should).

I guess I ought to describe exactly what I've done.  Obviously I've 
forgotten some step, and I'm sure it's simple.

1. Create isakmpd policy and conf file from templates, modified for my 
numbers.
2. Add firewall rules allowing the needed traffic (udp port 500, 
protocol esp, enc0 interface).
3. Run isakmpd.

Pings are definitely arriving at the machine.  I confirmed this with 
tcpdump.  Pings are definitely not leaving via IPsec.  Confirmed this 
one with tcpdump too.

Any help would be greatly appreciated.  Thanks!