Assuming you have only one IP address, and that IP address is used on your outside interface, the following will map TCP port 80 on that IP address to your nternal server at 10.1.1.1:
> static (inside,outside) tcp interface 80 10.1.1.1 80 netmask 255.255.255.0
Then you need to add a access-list to allow connections into that address with:
> access-list inbound permit tcp any interface outside 80
> access-group inbound in interface outside
Note you need to be running 6.3 code on the PIX to use the "interface outside" keyword in an access-list. If you get a static IP address on your outside interface from your ISP, then you can replace the "interface outside" keywords above with "host x.x.x.x", where x.x.x.x is your outside IP address.
The VPN client is available from here:
http://www.cisco.com/kobayashi/sw-center/vpn/client/
And a sample config is here:
http://www.cisco.com/warp/public/110/pix3000.html
Command reference for the "vpngroup" command is here:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/tz.htm#1048524