I have been having a considerable amount of headache with a PIX 515 (128MB) firewall.
Here is a snipped dump of my PIX configuration:
PIX Version 7.2(1)
!
names
!
interface Ethernet0
nameif outside
security-level 0
ip address XX.XX.XX.XX 255.255.255.192
!
interface Ethernet1
nameif inside
security-level 100
ip address 10.1.1.1 255.255.255.0
!
interface Ethernet2
shutdown
no nameif
no security-level
no ip address
!
access-list ras-vpn extended permit ip 10.13.37.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list ras-vpn extended permit ip 10.1.1.0 255.255.255.0 10.13.37.0 255.255.255.0
access-list acl-out extended permit ip 10.13.37.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list acl-out extended permit ip 10.1.1.0 255.255.255.0 10.13.37.0 255.255.255.0
access-list ras-vpn-rules extended permit ip 10.13.37.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list ras-vpn-rules extended permit ip 10.1.1.0 255.255.255.0 10.13.37.0 255.255.255.0
ip local pool vpnpool 10.13.37.100-10.13.37.120 mask 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list ras-vpn-rules
nat (inside) 1 10.1.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 XX.XX.XX.XX
crypto ipsec transform-set ras-vpn-transform esp-3des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set ras-vpn-transform
crypto map ras-vpn-crypto-map 1 ipsec-isakmp dynamic dyn1
crypto map ras-vpn-crypto-map interface outside
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 10800
tunnel-group ras-vpn-group type ipsec-ra
tunnel-group ras-vpn-group general-attributes
address-pool vpnpool
tunnel-group ras-vpn-group ipsec-attributes
pre-shared-key *
Now, I can connect to the VPN just fine. However, when I try to communicate with any of the 10.1.1.0/24 hosts I am not able to do so. I get the following error in the PIX log:
%PIX-3-713042: IKE Initiator unable to find policy: Intf 1, Src: 10.1.1.10, Dst: 10.13.37.102
It seems to me that there is an issue with the data coming back from the PIX through the VPN to my client. In the above example the error was generated when I attempted to SSH from 10.13.37.102 (VPN client) to 10.1.1.10 (a host running SSHD).
I believe this error is because the following line must be applied:
crypto map ras-vpn-crypto-map 1 match address ras-vpn-rules
However, the interesting bit here is that when I enter this line, the PIX takes it without showing a single error. Immediately after I run 'sh run' and the match address line does not show in the config. I have tried rebooting and re-running the command to no avail.
Any help would be greatly appreciated.
Thanks in advance!
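As an added triage aid (my own script, not part of the post above): it parses the relevant lines of the posted config together with the 713042 syslog line, checks that the VPN pool is covered by the nat 0 exemption ACL (otherwise replies from 10.1.1.0/24 hosts are translated to the outside interface instead of entering the tunnel), and classifies the logged flow. Reading 713042 as the PIX attempting to initiate IKE toward a client-pool address, which it cannot do for a dynamic peer, is an assumption and is labelled as such in the code.

```python
import ipaddress
import re

# Constructed excerpt of the posted PIX 7.2 configuration plus the posted syslog line.
CONFIG = """\
access-list ras-vpn-rules extended permit ip 10.13.37.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list ras-vpn-rules extended permit ip 10.1.1.0 255.255.255.0 10.13.37.0 255.255.255.0
ip local pool vpnpool 10.13.37.100-10.13.37.120 mask 255.255.255.0
nat (inside) 0 access-list ras-vpn-rules
crypto map ras-vpn-crypto-map 1 ipsec-isakmp dynamic dyn1
"""
LOG = "%PIX-3-713042: IKE Initiator unable to find policy: Intf 1, Src: 10.1.1.10, Dst: 10.13.37.102"

ACL_RE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)")
POOL_RE = re.compile(r"ip local pool \S+ (\S+)-(\S+)")
NAT0_RE = re.compile(r"nat \(inside\) 0 access-list (\S+)")
LOG_RE = re.compile(r"%PIX-3-713042: .*Src: (\S+), Dst: (\S+)")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def triage(config, log_line):
    """Return (code, message) findings about NAT exemption of the VPN pool and the logged flow."""
    acls, pool, nat0 = {}, None, None
    for line in config.splitlines():
        if m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append((net(m[2], m[3]), net(m[4], m[5])))
        elif m := POOL_RE.match(line):
            pool = (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
        elif m := NAT0_RE.match(line):
            nat0 = m[1]
    findings = []
    exempt = acls.get(nat0, [])
    # Replies from inside hosts are only tunnelled if the pool address is NAT-exempt as the
    # destination of an inside->client flow; otherwise nat (inside) 1 rewrites them.
    if pool and not all(any(ip in dst for _, dst in exempt) for ip in pool):
        findings.append(("POOL_NOT_EXEMPT", f"nat 0 ACL {nat0!r} does not cover pool {pool[0]}-{pool[1]}"))
    if m := LOG_RE.match(log_line):
        src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
        if pool and pool[0] <= dst <= pool[1]:
            # Assumption: 713042 with a pool address as Dst means the PIX tried to act as IKE
            # initiator toward a client, which a dynamic-map peer does not allow.
            findings.append(("IKE_INIT_TO_POOL",
                             f"inside host {src} triggered IKE toward pool address {dst}: the client is a "
                             "dynamic peer the PIX cannot initiate to, so no live SA covered this reply flow"))
    return findings

if __name__ == "__main__":
    for code, msg in triage(CONFIG, LOG):
        print(code, msg)
```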