Hi Lior,
If you are using Cisco VPN Client behind a PAT device and terminating your ipsec connection on a Pix, then this scenario will not work cos IPSec uses UDP Port 500 and Protocol 50 (ESP).
You have to do a One to One static Translation for the client and use a full routable ip address and then it will work fine.
If you are terminating the ipsec connection on a VPN3000, then IPSec Over UDP/TCP might be an option for you.
You can refer the below URL for the same:
http://www.cisco.com/warp/public/471/nat_trans.html
Regards,
Arul