There are many possibilities for this one.
1. Check 515 for "sysopt connection permit-ipsec"
2. nat (inside) 0 access-list X and X would be:
access-list X permit ip
3. Make sure your internal routing at the 515 site is routing packets for the VPNPool to the Pix and not somewhere else.
Then on the 501 side...
1. You either need a static one to one NAT and allow ESP
OR
2. You need to have recent code that supports "fixup protocol esp-ike"
OR
3. Have 6.3 code on the 515 that has "isakmp nat-traversal" to encapsulate the packet in UDP Port 4500.