Here is a config that will let your Cisco VPN 3000 Client connect to your PIX as long as you have the DES key.

ip address outside 208.1.1.254 255.255.255.0

ip address inside 10.1.1.254 255.255.255.0

domain-name cisco.com

access-list 101 permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0

ip local pool ippool 192.168.1.1-192.168.1.254

nat (inside) 0 access-list 101

sysopt connection permit-ipsec

no sysopt route dnat

crypto ipsec transform-set myset esp-des esp-md5-hmac

crypto dynamic-map dynmap 10 set transform-set myset

crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap interface outside

isakmp enable outside

isakmp identity address

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

vpngroup cisco-vpn address-pool ippool

vpngroup cisco-vpn dns-server 10.1.1.1 10.1.1.3

vpngroup cisco-vpn wins-server 10.1.1.1

vpngroup cisco-vpn default-domain cisco

vpngroup cisco-vpn idle-time 1800

vpngroup cisco-vpn password cisco