Quazzimuss


Configuring a Remote VPN to PIX Version 6.3(5) using PDM Version 3.0(4), to allow for VPN Connection using Cisco VPN Client ver 5

Each time I am using the Cisco PDM Version 3.0(4) with PIX Version 6.3(5) I find that I am connected initially, but when I try to apply any commands, I receive the following error message:

PDM received an error while sending this command. Click Resend and if the browser
prompt you to verify a new certificate or to provide a username/password, please do so.

I have gone to the Cisco site already to follow the instructions regarding the error I receive when connecting to the PIX through Internet Explorer (https://10.#.#.#) and receive a certificate error.

My goal is to configure my PIX firewall for a remote VPN connection. When I make any attempt to do this through the PDM I receive this message:
This client configuration require and IKE policy with group 2 to work correctly.  PDM has found that you have no IKE policy with group 2.  Please make sure you create and IKE policy with group 2 in the IKE screen.
Additionally, when I try to apply any commands to the PIX I receive the error message:

Result of firewall command: "write mem"
 
PDM received an error while sending this command. Click Resend and if the browser
prompt you to verify a new certificate or to provide a username/password, please do so.
** I get this same message for any command I try to send. I don't know if I need to make a configuration change through telnet first to allow myself to enter commands with this PDM, or if it is related to the certificate error I receive when I first open the PDM.

Here is a copy of my current running-config:

User Access Verification


Password:
Type help or '?' for a list of available commands.
pixfirewall> enable
Password: ***********
pixfirewall# show running-config
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ##obfuscated## encrypted
passwd ##obfuscated## encrypted
hostname pixfirewall
domain-name ##My Domain Name##.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.1.1.105 NAV2NET
object-group service remotesoftware tcp
  port-object eq 4899
  port-object eq 1812
  port-object eq 8200
object-group service VPN tcp-udp
  description VPN Connections
  port-object eq 1783
  port-object eq 3389
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host ## . ## .41.70 eq ftp
access-list acl_out permit tcp any host ## . ## .41.70 eq smtp
access-list acl_out permit tcp any host ## . ## .41.70 eq www
access-list acl_out permit tcp ## . ## .46.112 255.255.255.252 host NAV2NET object-group VPN log 7
access-list acl_out deny tcp any any eq 2101
access-list outside_access_in deny tcp any any object-group remotesoftware
pager lines 22
logging on
logging timestamp
logging buffered debugging
logging trap debugging
logging host inside 10.1.1.93 17/1025
mtu outside 1500
mtu inside 1500
ip address outside ## . ## .41.66 255.255.255.224
ip address inside 10.1.1.252 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
pdm location 10.1.1.7 255.255.255.255 inside
pdm location 10.1.1.12 255.255.255.255 inside
pdm location ## . ## .41.65 255.255.255.255 outside
pdm location ## . ## .41.65 255.255.255.255 inside
pdm location ## . ## .41.0 255.255.255.0 outside
pdm location 10.1.1.60 255.255.255.255 inside
pdm location 10.1.1.36 255.255.255.255 inside
pdm location 10.1.1.67 255.255.255.255 inside
pdm location 10.0.0.0 255.255.255.0 inside
pdm location 10.1.1.0 255.255.255.224 inside
pdm location 10.1.1.93 255.255.255.255 inside
pdm location ## . ## .46.112 255.255.255.252 outside
pdm location 171.68.225.213 255.255.255.255 outside
pdm location NAV2NET 255.255.255.255 inside
pdm history enable
arp timeout 14400
global (outside) 1 ## . ## .41.71-## . ## .41.93 netmask 255.255.255.224
global (outside) 1 ## . ## .41.94 netmask 255.255.255.224
nat (inside) 0 NAV2NET 255.255.255.255 0 0
nat (inside) 0 10.1.1.0 255.255.255.224 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) ## . ## .41.70 10.1.1.12 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 ## . ## .41.65 1
timeout xlate 1:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:10:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:10:00 sip-invite 0:03:00
timeout uauth 0:00:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
url-server (inside) vendor websense host 10.1.1.7 timeout 5 protocol TCP version 1
url-cache dst 1KB
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
http 10.1.1.12 255.255.255.255 inside
http 10.1.1.93 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 10.1.1.12 255.255.255.255 inside
telnet 10.1.1.93 255.255.255.255 inside
telnet timeout 5
ssh timeout 60
management-access inside
console timeout 0
username ##My Username## password ##Obfuscated## encrypted privilege 15
terminal width 80
Cryptochecksum:##Obfuscated##
: end
pixfirewall#

To summarize, my problems here are:
1. PDM connection issue with the PIX
2. Remote VPN to PIX configuration to allow for remote desktop to a computer inside.




SOLUTION
Les Moore
Quazzimuss (ASKER)

Hmm, my Java was already 1.6.0. I did as you said, checked for updates, and had the latest Java Platform. I have regenerated the key as per your instructions, although there was one line to which I wish to add some syntax:

>ca generate rsa 1024
should be
ca generate rsa key 1024

I performed the other commands as per your instruction, and am testing again with PDM now.
Now the PDM will not load at all.
I closed all IE windows and deleted all temp files and history, and can open the PDM again; I got the prompt to accept the certificate, chose to always trust from that publisher, and PDM is loaded now.
Whew! Nice job..
However, it still gets the communication problem after only a few minutes...
I am curious about this line in my running config:

ssh timeout 60

could this be timing me out ?
Nope. Has no effect on PDM.
I have seen this same issue with the Java version of ASDM... it doesn't seem to happen with the ASDM software client. It hasn't bothered me enough to research a solution yet, so I don't know what is causing it, but it doesn't seem to be isolated to PDM or PIX 6.x code... interesting...
What would be the next logical step to troubleshoot this?
The links above are for installing the PDM software on the PIX; it is installed.
The PDM software is not performing properly, so I will need to address that; however, I am still able to configure the VPN on the firewall via telnet, I am just not so familiar with the commands. I will continue to troubleshoot the PDM issue, but getting the VPN set up for tomorrow is the priority. I am searching for some good references to help me with the commands I need to enter.
SOLUTION
Could it be that I need to reset the clock in the PIX?
I guess I should just open a TAC case with Cisco support.
SOLUTION
OK, well, the ticket is opened with them regarding the PDM issue, but I don't expect to hear from them until tomorrow, so, moving on, I took a look at the link above to find the commands there to set up this VPN to the PIX. I know it should be very clear, but there are just some things there I am not sure all apply to me, such as split tunneling and whether I need to disable NAT for IPsec packets, which are in there; I am just a little unclear on the addresses I will need for those parts.

The commands from the link you gave me are as follows:

PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname Pixfirewall
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names


!--- Define the access list to enable split tunneling.

access-list 101 permit ip 10.10.10.0 255.255.255.0 10.10.8.0 255.255.255.0
access-list 101 permit ip 10.10.11.0 255.255.255.0 10.10.8.0 255.255.255.0


!--- Define the access list to avoid network address
!--- translation (NAT) on IPsec packets.


access-list 102 permit ip 10.10.10.0 255.255.255.0 10.10.8.0 255.255.255.0
access-list 102 permit ip 10.10.11.0 255.255.255.0 10.10.8.0 255.255.255.0

pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500

!--- Configure the IP address on the interfaces.

ip address outside 172.16.10.1 255.255.255.0
ip address inside 10.10.10.2 255.255.255.0
no ip address intf2
ip audit info action alarm
ip audit attack action alarm

!--- Create a pool of addresses from which IP addresses are assigned
!--- dynamically to the remote VPN Clients.


ip local pool vpnpool1 10.10.8.1-10.10.8.254
pdm history enable
arp timeout 14400

!--- Disable NAT for IPsec packets.

nat (inside) 0 access-list 102
route outside 0.0.0.0 0.0.0.0 172.16.10.2 1
route inside 10.10.11.0 255.255.255.0 10.10.10.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable

!--- Permit packet that came from an IPsec tunnel to pass through without
!--- checking them against the configured conduits/access lists.

sysopt connection permit-ipsec

!--- Define the transform set to be used during IPsec
!--- security association (SA) negotiation. Specify AES as the encryption algorithm.

crypto ipsec transform-set trmset1 esp-aes-256 esp-sha-hmac

!--- Create a dynamic crypto map entry
!--- and add it to a static crypto map.

crypto dynamic-map map2 10 set transform-set trmset1
crypto map map1 10 ipsec-isakmp dynamic map2

!--- Bind the crypto map to the outside interface.

crypto map map1 interface outside

!--- Enable Internet Security Association and Key Management
!--- Protocol (ISAKMP) negotiation on the interface on which the IPsec
!--- peer communicates with the PIX Firewall.

isakmp enable outside
isakmp identity address

!--- Define an ISAKMP policy to be used while
!--- negotiating the ISAKMP SA. Specify
!--- AES as the encryption algorithm. The configurable AES
!--- options are aes, aes-192 and aes-256.
!--- Note: AES 192 is not supported by the VPN Client.

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption aes-256
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

!--- Create a VPN group and configure the policy attributes which are
!--- downloaded to the Easy VPN Clients.

vpngroup groupmarketing address-pool vpnpool1
vpngroup groupmarketing dns-server 10.10.11.5
vpngroup groupmarketing wins-server 10.10.11.5
vpngroup groupmarketing default-domain org1.com
vpngroup groupmarketing split-tunnel 101
vpngroup groupmarketing idle-time 1800
vpngroup groupmarketing password ********
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:c064abce81996b132025e83e421ee1c3
: end

It has just been maybe a year and a half since I used the CLI on any Cisco device, so I have become a little dusty with it, and I am trying here!! Please bear with me. If I can use this example, could you please shed some light on which parts I would need.

** Also, Batry Boy, you mentioned a software called ASDM; do you suggest I try to use this instead? I am feeling a little defeated.
OK, here are the commands I put in, as per the example. I think some need to be changed, but for the most part I followed it exactly.

User Access Verification

Password:
Type help or '?' for a list of available commands.
pixfirewall> enable
Password: ***********
pixfirewall# config t
pixfirewall(config)# fixup protocol ftp 21
pixfirewall(config)# fixup protocol h323 h225 1720
pixfirewall(config)# fixup protocol h323 ras 1718-1719
pixfirewall(config)# fixup protocol http 80
pixfirewall(config)# fixup protocol ils 389
pixfirewall(config)# fixup protocol rsh 514
pixfirewall(config)# fixup protocol rtsp 554
pixfirewall(config)# fixup protocol sip udp 5060
pixfirewall(config)# fixup protocol skinny 2000
pixfirewall(config)# fixup protocol smtp 25
pixfirewall(config)# fixup protocol sqlnet 1521
pixfirewall(config)# names
pixfirewall(config)# pager lines 24
pixfirewall(config)# mtu outside 1500
pixfirewall(config)# mtu inside 1500
pixfirewall(config)# access-list 101 permit ip 10.1.1.252 255.255.255.255 10.1.1.0
pixfirewall(config)# access-list 102 permit ip 10.1.1.252 255.255.255.255 10.1.1.0
pixfirewall(config)# ip audit info action alarm
pixfirewall(config)# ip audit attack action alarm
pixfirewall(config)# ip local pool vpnpool1 10.1.1.200-10.1.1.210
pixfirewall(config)# pdm history enable
pixfirewall(config)# arp timeout 1400
pixfirewall(config)# nat (inside) 0 access-list 102
pixfirewall(config)# route outside 0.0.0.0 0.0.0.0 ###.###.41.66 1
cannot add route entry. possible conflict with existing routes
Usage:  [no] route <if_name> <foreign_ip> <mask> <gateway> [<metric>]
pixfirewall(config)# timeout xlate 3:00:00
pixfirewall(config)# timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
pixfirewall(config)# timeout h323 0:05:00 sip 0:30:00 sip_media 0:02:00
pixfirewall(config)# timeout uauth 0:05:00 absolute
pixfirewall(config)# sysopt connection permit-ipsec
pixfirewall(config)# isakmp enable outside
pixfirewall(config)# isakmp identity address
pixfirewall(config)# isakmp policy 10 authentication pre-share
pixfirewall(config)# isakmp policy 10 hash sha
pixfirewall(config)# isakmp policy group 2
Priority must be between 1 and 65000
pixfirewall(config)# isakmp policy 10 lifetime 86400
pixfirewall(config)# vpngroup vpnremote address-pool vpnpool1
pixfirewall(config)# vpngroup vpnremote dns-server 10.1.1.12
pixfirewall(config)# vpngroup vpnremote wins-server 10.1.1.12
pixfirewall(config)# vpngroup vpnremote default-domain mycompaniesdomain.com
pixfirewall(config)# vpngroup vpnremote split-tunnel 101
pixfirewall(config)# vpngroup vpnremote idle-time 1800
pixfirewall(config)# vpngroup vpnremote password vpnremote5000
pixfirewall(config)# ssh timeout 5
pixfirewall(config)# console timeout 0
pixfirewall(config)# terminal width 80
pixfirewall(config)# exit
pixfirewall# write mem
Building configuration...
Cryptochecksum: *************
[OK]
pixfirewall#




Here is the running-config (after having entered the commands above).
I am not sure if the lines regarding ACL 101 and 102 are correct, and likewise the vpngroup vpnremote split-tunnel line.

Password:
Type help or '?' for a list of available commands.
pixfirewall> enable
Password: ***********
pixfirewall# show running-config
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ***** encrypted
passwd ***** encrypted
hostname pixfirewall
domain-name mycompanysdomain.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.1.1.105 NAV2NET
object-group service remotesoftware tcp
  port-object eq 4899
  port-object eq 1812
  port-object eq 8200
object-group service VPN tcp-udp
  description VPN Connections
  port-object eq 1783
  port-object eq 3389
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host ###.###.41.70 eq ftp
access-list acl_out permit tcp any host ###.###.41.70 eq smtp
access-list acl_out permit tcp any host ###.###.41.70 eq www
access-list acl_out permit tcp ###.###.46.112 255.255.255.252 host NAV2NET object-group VPN log 7
access-list acl_out deny tcp any any eq 2101
access-list outside_access_in deny tcp any any object-group remotesoftware
access-list 101 permit ip host 10.1.1.252 host 10.1.1.0
access-list 102 permit ip host 10.1.1.252 host 10.1.1.0
pager lines 24
logging on
logging timestamp
logging buffered debugging
logging trap debugging
logging host inside 10.1.1.93 17/1025
mtu outside 1500
mtu inside 1500
ip address outside ###.###.41.66 255.255.255.224
ip address inside 10.1.1.252 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool vpnpool 10.1.1.20-10.1.1.30
ip local pool vpnpool1 10.1.1.200-10.1.1.210
pdm location 10.1.1.7 255.255.255.255 inside
pdm location 10.1.1.12 255.255.255.255 inside
pdm location ###.###.41.65 255.255.255.255 outside
pdm location ###.###.41.65 255.255.255.255 inside
pdm location ###.###.41.0 255.255.255.0 outside
pdm location 10.1.1.60 255.255.255.255 inside
pdm location 10.1.1.36 255.255.255.255 inside
pdm location 10.1.1.67 255.255.255.255 inside
pdm location 10.0.0.0 255.255.255.0 inside
pdm location 10.1.1.0 255.255.255.224 inside
pdm location 10.1.1.93 255.255.255.255 inside
pdm location ###.###.46.112 255.255.255.252 outside
pdm location 171.68.225.213 255.255.255.255 outside
pdm location NAV2NET 255.255.255.255 inside
pdm history enable
arp timeout 1400
global (outside) 1 ###.###.41.71-###.###.41.93 netmask 255.255.255.224
global (outside) 1 ###.###.41.94 netmask 255.255.255.224
nat (inside) 0 access-list 102
nat (inside) 0 NAV2NET 255.255.255.255 0 0
nat (inside) 0 10.1.1.0 255.255.255.224 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) ###.###.41.70 10.1.1.12 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 ###.###.41.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:10:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
url-server (inside) vendor websense host 10.1.1.7 timeout 5 protocol TCP version 1
url-cache dst 1KB
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
http 10.1.1.12 255.255.255.255 inside
http 10.1.1.93 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
isakmp enable outside
isakmp enable inside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
vpngroup vpnremote address-pool vpnpool1
vpngroup vpnremote dns-server 10.1.1.12
vpngroup vpnremote wins-server 10.1.1.12
vpngroup vpnremote default-domain mycompanysdomain.com
vpngroup vpnremote split-tunnel 101
vpngroup vpnremote idle-time 1800
vpngroup vpnremote password ********
telnet 10.1.1.12 255.255.255.255 inside
telnet 10.1.1.93 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
management-access inside
console timeout 0
username myusername password ******* encrypted privilege 15
terminal width 80
Cryptochecksum:*****
: end
pixfirewall#

Also, here is the running-config for the Cisco 1600 router on the outside of the PIX:

RouterName#show running-config
Building configuration...

Current configuration:
!
! Last configuration change at 03:40:48 edt Fri Jun 8 2007
! NVRAM config last updated at 03:40:50 edt Fri Jun 8 2007
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterName
!
enable secret ******
enable password ******
!
ip subnet-zero
clock timezone est -5
clock summer-time edt recurring
!
!
!
interface Ethernet0
 ip address ###.###.41.65 255.255.255.224
 no ip directed-broadcast
 no ip route-cache
!
interface Serial0
 ip address ###.###.46.114 255.255.255.252
 no ip route-cache
 bandwidth 256
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 23 permit any
access-list 100 permit tcp any host ###.###.41.65 eq ftp
access-list 100 permit tcp any host ###.###.41.65 eq ftp-data
access-list 100 permit tcp any host 10.1.1.12 eq ftp
access-list 101 permit tcp any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
route-map outside permit 21
 set interface Ethernet0
!
!
line con 0
line vty 0 4
 password *****
 login
!
sntp server ###.###.16.20
sntp server ###.###.46.3
sntp server ###.###.41.41
end

RouterName#
ASKER CERTIFIED SOLUTION
lrmoore, thank you for not abandoning me ~
I have entered your commands. I must note that when I enter 3DES or AES I receive this message:
"VPN-3DES-AES is not enabled with current activation key."
I am still unable to connect to the PIX with the Cisco VPN Client from a remote location; it cites the error message:
Secure VPN Connection terminated locally by the Client. Reason 414: Failed to establish a TCP Connection.

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ***** encrypted
passwd ***** encrypted
hostname pixfirewall
domain-name *****.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.1.1.105 NAV2NET
object-group service remotesoftware tcp
  port-object eq 4899
  port-object eq 1812
  port-object eq 8200
object-group service VPN tcp-udp
  description VPN Connections
  port-object eq 1783
  port-object eq 3389
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host ***.***.41.70 eq ftp
access-list acl_out permit tcp any host ***.***.41.70 eq smtp
access-list acl_out permit tcp any host ***.***.41.70 eq www
access-list acl_out permit tcp ***.***.46.112 255.255.255.252 host NAV2NET object-group VPN log 7
access-list acl_out deny tcp any any eq 2101
access-list outside_access_in deny tcp any any object-group remotesoftware
access-list 101 permit ip host 10.1.1.252 host 10.1.1.0
access-list 102 permit ip host 10.1.1.252 host 10.1.1.0
access-list no_nat permit ip 10.1.1.0 255.255.255.0 192.168.199.0 255.255.255.0
access-list split_tunnel permit ip 10.1.1.0 255.255.255.0 192.168.199.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging buffered debugging
logging trap debugging
logging host inside 10.1.1.93 17/1025
mtu outside 1500
mtu inside 1500
ip address outside ***.***.41.66 255.255.255.224
ip address inside 10.1.1.252 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool VPNPOOL 192.168.199.1-192.168.199.50
pdm location 10.1.1.7 255.255.255.255 inside
pdm location 10.1.1.12 255.255.255.255 inside
pdm location ***.***.41.65 255.255.255.255 outside
pdm location ***.***.41.65 255.255.255.255 inside
pdm location ***.***.41.0 255.255.255.0 outside
pdm location 10.1.1.60 255.255.255.255 inside
pdm location 10.1.1.36 255.255.255.255 inside
pdm location 10.1.1.67 255.255.255.255 inside
pdm location 10.0.0.0 255.255.255.0 inside
pdm location 10.1.1.0 255.255.255.224 inside
pdm location 10.1.1.93 255.255.255.255 inside
pdm location ***.***.46.112 255.255.255.252 outside
pdm location 171.68.225.213 255.255.255.255 outside
pdm history enable
arp timeout 1400
global (outside) 1 ***.***.41.71-***.***.41.93 netmask 255.255.255.224
global (outside) 1 ***.***.41.94 netmask 255.255.255.224
nat (inside) 0 access-list 102
nat (inside) 1 access-list no_nat 0 0
nat (inside) 0 NAV2NET 255.255.255.255 0 0
nat (inside) 0 10.1.1.0 255.255.255.224 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) ***.***.41.70 10.1.1.12 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 ***.***.41.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:10:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
url-server (inside) vendor websense host 10.1.1.7 timeout 5 protocol TCP version 1
url-cache dst 1KB
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
http 10.1.1.12 255.255.255.255 inside
http 10.1.1.93 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set HIGH esp-des esp-sha-hmac
crypto dynamic-map map2 10 set transform-set HIGH
crypto map MYMAP 100 ipsec-isakmp dynamic map2
crypto map MYMAP interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication rsa-sig
isakmp policy 10 encryption des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup vpnremote address-pool VPNPOOL
vpngroup vpnremote dns-server 10.1.1.12
vpngroup vpnremote wins-server 10.1.1.12
vpngroup vpnremote default-domain mycompanysdomain.com
vpngroup vpnremote split-tunnel split_tunnel
vpngroup vpnremote idle-time 1800
vpngroup vpnremote password ********
telnet 10.1.1.12 255.255.255.255 inside
telnet 10.1.1.93 255.255.255.255 inside
telnet timeout 60
ssh timeout 5
management-access inside
console timeout 0
username myusername password ***** encrypted privilege 15
terminal width 80
Cryptochecksum:*****
: end
pixfirewall#

pixfirewall(config)# vpnclient enable
WARNING: Required configuration for PIX Easy VPN Remote not complete. Enabling PIX Easy VPN Remote failed.

! - - - upon enabling the vpnclient in client-mode I received this message:

pixfirewall(config)# vpnclient mode client-mode
pixfirewall(config)# vpnclient enable
* Remove "nat (inside) 0 102"
* Remove "nat (inside) 1 access-list no_nat"
* Detach crypto map attached to interface outside
* Remove manually configured ISA policies

CONFIG CLASH: Configuration that would prevent successful PIX Easy VPN Remote
operation has been detected, and is listed above. Please resolve the
above configuration clashes and re-enable.

! - - upon enabling vpnclient in network-extension-mode I received this message:

pixfirewall(config)# vpnclient mode network-extension-mode
pixfirewall(config)# vpnclient enable
* Remove "nat (inside) 0 102"
* Remove "nat (inside) 1 access-list no_nat"
* Detach crypto map attached to interface outside
* Remove manually configured ISA policies

CONFIG CLASH: Configuration that would prevent successful PIX Easy VPN Remote
operation has been detected, and is listed above. Please resolve the
above configuration clashes and re-enable.

! - - My current status and current status of the VPN Client
pixfirewall# show vpnclient

LOCAL CONFIGURATION
vpnclient server 67.130.41.66
vpnclient mode client-mode
vpnclient vpngroup vpnremote password ********

MISCELLANEOUS INFORMATION
- Key exchange is based on Pre-Shared Key
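As an added example (not code from the original post, from Cisco, or from anyone in this thread), here is a Python script that checks a pasted PIX 6.3 running-config for the pieces the Cisco sample configuration above wires together: the pre-shared-key ISAKMP policy with DH group 2 that PDM complained about, the transform-set / dynamic-map / crypto map chain bound to the outside interface, sysopt connection permit-ipsec, and a vpngroup whose address pool is covered by both the split-tunnel ACL and the nat (inside) 0 ACL and does not overlap the inside subnet. It also flags a vpnclient (Easy VPN Remote) configuration, which is what the CONFIG CLASH messages are about. The two sample configs are constructed: BROKEN mirrors the mistakes visible in the intermediate running-config (host 10.1.1.0 ACL entries, a pool carved out of 10.1.1.0/24, DH group 1 only, no crypto map) and FIXED has the shape of a working setup; the addresses and names are placeholders, and DES appears only because the activation key here lacks 3DES/AES.

```python
"""Sanity-check a PIX 6.3 running-config for what a Cisco VPN Client (Easy VPN server side) needs.
Sample configs are constructed for this thread; DES is used only because the activation key lacks 3DES/AES."""
import ipaddress
import re

BROKEN = """\
ip address outside 203.0.113.66 255.255.255.224
ip address inside 10.1.1.252 255.255.255.0
access-list 101 permit ip host 10.1.1.252 host 10.1.1.0
access-list 102 permit ip host 10.1.1.252 host 10.1.1.0
ip local pool vpnpool1 10.1.1.200-10.1.1.210
nat (inside) 0 access-list 102
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 group 1
vpngroup vpnremote address-pool vpnpool1
vpngroup vpnremote split-tunnel 101
vpnclient mode client-mode
"""

FIXED = """\
ip address outside 203.0.113.66 255.255.255.224
ip address inside 10.1.1.252 255.255.255.0
access-list NO-NAT permit ip 10.1.1.0 255.255.255.0 192.168.199.0 255.255.255.0
access-list SPLIT permit ip 10.1.1.0 255.255.255.0 192.168.199.0 255.255.255.0
ip local pool VPNPOOL 192.168.199.1-192.168.199.50
nat (inside) 0 access-list NO-NAT
sysopt connection permit-ipsec
crypto ipsec transform-set HIGH esp-des esp-sha-hmac
crypto dynamic-map DYN 10 set transform-set HIGH
crypto map MYMAP 100 ipsec-isakmp dynamic DYN
crypto map MYMAP interface outside
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 group 2
vpngroup vpnremote address-pool VPNPOOL
vpngroup vpnremote split-tunnel SPLIT
"""

def _lines(cfg):
    # drop blanks plus the ': Saved' / '!--- comment' lines a pasted running-config carries
    return [l.strip() for l in cfg.splitlines() if l.strip() and l.strip()[0] not in "!:"]

def _acl_dst_networks(lines, name):
    """Destination networks of ACL `name`'s 'permit ip' entries ('host X' -> X/32, 'any' -> 0/0)."""
    nets = []
    for l in lines:
        if m := re.match(rf"access-list {re.escape(name)} permit ip (.+)$", l):
            toks = m.group(1).split()
            dst = toks[(1 if toks[0] == "any" else 2):]   # skip the source spec
            spec = "0.0.0.0/0" if dst[0] == "any" else dst[1] + "/32" if dst[0] == "host" else f"{dst[0]}/{dst[1]}"
            nets.append(ipaddress.ip_network(spec, strict=False))
    return nets

def check_pix_ra_vpn(cfg, outside="outside", inside="inside"):
    """Return the problems that would keep a VPN Client from connecting; an empty list means it looks sane."""
    lines = _lines(cfg)
    text = "\n".join(lines)
    problems = []
    # 'vpnclient ...' is Easy VPN *Remote*: it makes the PIX a client, and the PIX refuses to be both.
    if any(l.startswith("vpnclient ") for l in lines):
        problems.append("vpnclient (Easy VPN Remote) is configured; this PIX has to be the server")
    # Phase 1: ISAKMP on the outside interface and a pre-shared-key policy with DH group 2.
    if f"isakmp enable {outside}" not in lines:
        problems.append(f"missing 'isakmp enable {outside}'")
    policies = {}
    for num, attr, val in re.findall(r"^isakmp policy (\d+) (\S+) (\S+)$", text, re.M):
        policies.setdefault(num, {})[attr] = val
    if not any(p.get("authentication") == "pre-share" and p.get("group") == "2" for p in policies.values()):
        problems.append("no isakmp policy with 'authentication pre-share' and 'group 2'")
    # Phase 2: transform-set -> dynamic-map -> crypto map, with that map bound to the outside interface.
    tsets = set(re.findall(r"^crypto ipsec transform-set (\S+)", text, re.M))
    dyn = dict(re.findall(r"^crypto dynamic-map (\S+) \d+ set transform-set (\S+)$", text, re.M))
    maps = dict(re.findall(r"^crypto map (\S+) \d+ ipsec-isakmp dynamic (\S+)$", text, re.M))
    bound = set(re.findall(rf"^crypto map (\S+) interface {outside}$", text, re.M))
    if not [n for n, d in maps.items() if d in dyn and dyn[d] in tsets and n in bound]:
        problems.append("no transform-set -> dynamic-map -> crypto map chain bound to outside")
    if "sysopt connection permit-ipsec" not in lines:
        problems.append("missing 'sysopt connection permit-ipsec' (decrypted traffic is filtered by acl_out)")
    # Group policy pushed to the client: the pool must exist, must not overlap the inside subnet,
    # and must be covered by both the split-tunnel ACL and the 'nat (inside) 0 access-list' ACL.
    m = re.search(rf"^ip address {inside} (\S+) (\S+)$", text, re.M)
    inside_net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False) if m else None
    pools = {n: (a, b) for n, a, b in re.findall(r"^ip local pool (\S+) (\S+)-(\S+)$", text, re.M)}
    nonat = (re.findall(r"^nat \(\S+\) 0 access-list (\S+)", text, re.M) or [None])[0]
    groups = {}
    for g, attr, val in re.findall(r"^vpngroup (\S+) (\S+) ?(.*)$", text, re.M):
        groups.setdefault(g, {})[attr] = val
    for g, attrs in groups.items():
        pool = attrs.get("address-pool")
        if pool not in pools:
            problems.append(f"vpngroup {g}: address-pool '{pool}' is not defined")
            continue
        first, last = (ipaddress.ip_address(a) for a in pools[pool])
        if inside_net and (first in inside_net or last in inside_net):
            problems.append(f"vpngroup {g}: pool {pool} overlaps the inside subnet {inside_net}")
        for kind, acl in (("split-tunnel", attrs.get("split-tunnel")), ("nat 0", nonat)):
            if not acl or not any(first in n and last in n for n in _acl_dst_networks(lines, acl)):
                problems.append(f"vpngroup {g}: {kind} access-list {acl} is missing or does not cover pool {pool}")
    return problems
```

Feed `check_pix_ra_vpn()` the text of `show running-config` (wrapped lines rejoined first) and act on each string it returns; on BROKEN it reports every one of the mistakes listed in the lead-in, on FIXED it returns an empty list. The checks are deliberately structural (names resolve, the pool is inside the ACLs' destination networks) rather than a re-implementation of PIX semantics, so a clean result means the configuration is at least self-consistent, not that Phase 1 will succeed against a particular client.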

SOLUTION
OK, it was a long weekend, but I did it. Here we go; here is the current running-config on the PIX, which is set up correctly now and has been tested. This configuration allows the Cisco VPN Client to connect, authenticate, and pass the desired traffic through to the appropriate computers. (vpn remote name 1) goes to the box inside that will be our test site for the go-live website, so this VPN needs to allow remote desktop to that computer (10.1.1.105). (vpn remote group name 1) is a VPN connection for the executives in the company to access the network, and also allows remote desktop to (10.1.1.12). Each of these remote desktop connections authenticates with a domain username and password. They are both separate; in other words, vpn remote name 1 will only allow that VPN connection to remote desktop to 10.1.1.105, and vpn remote group 1 will only allow the remote desktop connection to 10.1.1.12.
  Below this running-config I will paste the lines that I have added that were not there before. Then you can compare this running-config to the previous one above, and also see all of the lines that I added. As far as the PDM issue is concerned, after I had gotten the PIX set up, I followed the instructions lrmoore originally gave me. Before I did this, I closed all IE windows, then in IE I went to Tools, Internet Options, and deleted all temporary files, cookies and history; went to the Security tab, then to Trusted Sites, and then in Sites I deleted the entry for the https:// address of the PIX I had entered there before. Then I went to the https:// address of the PIX again, chose "proceed to the website" when I reached the certificate warning, then chose to "always trust" this site. I authenticated in the dialogue, the PDM initiated, I authenticated again, and it loaded. I waited 5 minutes, went to the command line tool, and ran some simple commands to see if I was denied with the communication error as I had been before. I was not. I do not appear to be having any PDM communication issues any longer. Thank you lrmoore for that.
For convenience I'll put those commands again here.
#ca zeroize rsa
#ca generate rsa key 1024
#ca save all
#wr mem

! - - - -  Here is the current CORRECTLY configured  and tested running-config - - - -!
pixfirewall# show running-config
: Saved
:
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ********** encrypted
passwd ********* encrypted
hostname pixfirewall
domain-name my_domain.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
no names
name 10.1.1.105 NAV2NET
object-group service remotesoftware tcp
  port-object eq 4899
  port-object eq 1812
  port-object eq 8200
object-group service VPN tcp-udp
  description VPN Connections
  port-object eq 1783
  port-object eq 3389
access-list acl_out permit icmp any any
access-list acl_out permit tcp any host ***.***.41.70 eq ftp
access-list acl_out permit tcp any host ***.***.41.70 eq smtp
access-list acl_out permit tcp any host ***.***.41.70 eq www
access-list acl_out permit tcp ***.***.46.112 255.255.255.252 host 10.1.1.105 object-group VPN log 7
access-list acl_out deny tcp any any eq 2101
access-list outside_access_in deny tcp any any object-group remotesoftware
access-list 101 permit ip host 10.1.1.252 host 10.1.1.0
access-list 102 permit ip host 10.1.1.252 host 10.1.1.0
access-list no_nat permit ip 10.1.1.0 255.255.255.0 192.168.199.0 255.255.255.0
access-list NO-NAT permit ip host 10.1.1.105 192.168.199.0 255.255.255.0
access-list NO-NAT permit ip host 10.1.1.12 192.168.199.0 255.255.255.0
access-list SPLIT-vpnremote permit ip host 10.1.1.105 192.168.199.0 255.255.255.0
access-list SPLIT-(vpn name) permit ip host 10.1.1.12 192.168.199.0 255.255.255.0
pager lines 24
logging on
logging timestamp
logging buffered debugging
logging trap debugging
logging host inside 10.1.1.93 17/1025
mtu outside 1500
mtu inside 1500
ip address outside ***.***.41.66 255.255.255.224
ip address inside 10.1.1.252 255.255.255.0
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool VPNPOOL 192.168.199.1-192.168.199.50
pdm location 10.1.1.7 255.255.255.255 inside
pdm location 10.1.1.12 255.255.255.255 inside
pdm location ***.***.41.65 255.255.255.255 outside
pdm location ***.***.41.65 255.255.255.255 inside
pdm location ***.***.41.0 255.255.255.0 outside
pdm location 10.1.1.60 255.255.255.255 inside
pdm location 10.1.1.36 255.255.255.255 inside
pdm location 10.1.1.67 255.255.255.255 inside
pdm location 10.0.0.0 255.255.255.0 inside
pdm location 10.1.1.0 255.255.255.224 inside
pdm location 10.1.1.93 255.255.255.255 inside
pdm location ***.***.46.112 255.255.255.252 outside
pdm location 171.68.225.213 255.255.255.255 outside
pdm location 10.1.1.105 255.255.255.255 inside
pdm location 192.168.199.0 255.255.255.0 outside
pdm location 196.40.16.136 255.255.255.255 outside
pdm history enable
arp timeout 1400
global (outside) 1 ***.***.41.71-***.***.41.93 netmask 255.255.255.224
global (outside) 1 ***.***.41.94 netmask 255.255.255.224
nat (inside) 0 access-list NO-NAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) ***.***.41.70 10.1.1.12 netmask 255.255.255.255 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 ***.***.41.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:10:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
url-server (inside) vendor websense host 10.1.1.7 timeout 5 protocol TCP version 1
url-cache dst 1KB
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
http 10.1.1.12 255.255.255.255 inside
http 10.1.1.93 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection tcpmss 1200
sysopt connection permit-ipsec
crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map VPN-CLIENTS 10 set transform-set DES-MD5
crypto map VPN-MAP 65535 ipsec-isakmp dynamic VPN-CLIENTS
crypto map VPN-MAP interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpnremote address-pool VPNPOOL
vpngroup vpnremote dns-server 10.1.1.12
vpngroup vpnremote wins-server 10.1.1.12
vpngroup vpnremote default-domain my_domain.com
vpngroup vpnremote split-tunnel SPLIT-vpnremote
vpngroup vpnremote idle-time 1800
vpngroup vpnremote password ********
vpngroup (vpn name) address-pool VPNPOOL
vpngroup (vpn name) dns-server 10.1.1.12
vpngroup (vpn name) wins-server 10.1.1.12
vpngroup (vpn name) default-domain my_domain.com
vpngroup (vpn name) split-tunnel SPLIT-(vpn name)
vpngroup (vpn name) idle-time 1800
vpngroup (vpn name) password ********
telnet 10.1.1.12 255.255.255.255 inside
telnet 10.1.1.93 255.255.255.255 inside
telnet timeout 60
ssh ***.***.***.*** 255.255.255.255 outside
ssh timeout 5
management-access inside
console timeout 0
username ********** password ********** encrypted privilege 15
vpnclient server ***.***.41.66
vpnclient mode client-mode
vpnclient vpngroup ********** password ********
terminal width 80
Cryptochecksum:25851f65698754321654453866fdbe774c
: end
pixfirewall#

! - - - -  BELOW ARE THE LINES MISSING FROM THE PREVIOUS RUNNING-CONFIG, THESE ARE THE  
! - - - - LINES ADDED OVER THE WEEKEND.  

no nat (inside) 0
access-list NO-NAT permit ip host 10.1.1.105 192.168.199.0 255.255.255.0
access-list NO-NAT permit ip host 10.1.1.12 192.168.199.0 255.255.255.0
nat (inside) 0 access-list NO-NAT


isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

! - - - THIS LINE IS NECESSARY FOR REMOTE DESKTOP
sysopt connection tcpmss 1200

no crypto map MYMAP 100

crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map VPN-CLIENTS 10 set transform-set DES-MD5
crypto map VPN-MAP 65535 ipsec-isakmp dynamic VPN-CLIENTS
crypto map VPN-MAP interface outside

no vpngroup (vpn remote name 1) split-tunnel split_tunnel
access-list SPLIT-(vpn remote name 1) permit ip host 10.1.1.105 192.168.199.0 255.255.255.0
vpngroup (vpn remote name 1) split-tunnel SPLIT-(vpn remote name 1)

access-list SPLIT-(vpn group name 1) permit ip host 10.1.1.12 192.168.199.0 255.255.255.0

vpngroup (vpn group name 1) address-pool VPNPOOL
vpngroup (vpn group name 1) dns-server 10.1.1.12
vpngroup (vpn group name 1) wins-server 10.1.1.12
vpngroup (vpn group name 1) default-domain my_domain.com
vpngroup (vpn group name 1) split-tunnel SPLIT-(vpn group name 1)
vpngroup (vpn group name 1) idle-time 1800
vpngroup (vpn group name 1) password ********


Thank you, lrmoore and batry boy, for taking the time to help me with this.  
/happydance
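
Added example, not part of the thread and not code from Quazzimuss, lrmoore or Cisco: a small Python lint that re-checks the three things this config needed before the VPN client would work. It looks for an isakmp policy with group 2 (the PDM warning in the question), a crypto map bound to the outside interface, and a nat (inside) 0 exemption that covers every host in each vpngroup's split-tunnel ACL, which is exactly what the NO-NAT lines added for 10.1.1.105 and 10.1.1.12 fixed. It also flags the des/md5 choices in the isakmp policy and transform-set as weak. The sample config is constructed in the shape of the one above; "execs" is a hypothetical name standing in for the redacted second vpngroup, and the parsing rules are assumptions based only on the 6.3 syntax shown on this page.

```python
"""Lint the remote-access VPN pieces of a PIX 6.3 running-config (added example)."""
import ipaddress
import re

# Constructed sample in the shape of the posted config. "execs" is a hypothetical
# group name. NO-NAT deliberately covers only 10.1.1.105: the state before the fix.
SAMPLE_BEFORE = """\
access-list NO-NAT permit ip host 10.1.1.105 192.168.199.0 255.255.255.0
access-list SPLIT-vpnremote permit ip host 10.1.1.105 192.168.199.0 255.255.255.0
access-list SPLIT-execs permit ip host 10.1.1.12 192.168.199.0 255.255.255.0
ip local pool VPNPOOL 192.168.199.1-192.168.199.50
nat (inside) 0 access-list NO-NAT
crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map VPN-CLIENTS 10 set transform-set DES-MD5
crypto map VPN-MAP 65535 ipsec-isakmp dynamic VPN-CLIENTS
crypto map VPN-MAP interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
vpngroup vpnremote address-pool VPNPOOL
vpngroup vpnremote split-tunnel SPLIT-vpnremote
vpngroup execs address-pool VPNPOOL
vpngroup execs split-tunnel SPLIT-execs
"""
# The same config with the missing exemption added, as the post did for 10.1.1.12.
SAMPLE_AFTER = SAMPLE_BEFORE + "access-list NO-NAT permit ip host 10.1.1.12 192.168.199.0 255.255.255.0\n"


def _net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def parse_acls(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' entries.
    PIX writes a host as 'host A', a subnet as 'A MASK', and 'any' for 0/0."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) permit ip (.+)", line.strip())
        if not m:
            continue
        toks, ends = m.group(2).split(), []
        while toks and len(ends) < 2:
            if toks[0] == "host":
                ends.append(_net(toks[1])); toks = toks[2:]
            elif toks[0] == "any":
                ends.append(ipaddress.ip_network("0.0.0.0/0")); toks = toks[1:]
            else:
                ends.append(_net(toks[0], toks[1])); toks = toks[2:]
        if len(ends) == 2:
            acls.setdefault(m.group(1), []).append(tuple(ends))
    return acls


def _keyed(lines, prefix):
    """Collect '<prefix> KEY ATTR VALUE' lines into {KEY: {ATTR: VALUE}}."""
    out = {}
    for l in lines:
        m = re.match(prefix + r" (\S+) (\S+) (\S+)", l)
        if m:
            out.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return out


def lint(config):
    """Return a list of 'ERROR: ...', 'WARN: ...' and 'INFO: ...' findings."""
    lines = [l.strip() for l in config.splitlines()]
    acls = parse_acls(config)
    findings = []

    # 1. IKE phase 1: the Cisco VPN client needs a policy with DH group 2 (the PDM warning).
    policies = _keyed(lines, r"isakmp policy")
    if not any(l.startswith("isakmp enable ") for l in lines):
        findings.append("ERROR: isakmp is not enabled on any interface")
    if not any(p.get("group") == "2" for p in policies.values()):
        findings.append("ERROR: no isakmp policy with group 2; the VPN client will not negotiate")
    for num, p in policies.items():
        if p.get("encryption") == "des" or p.get("hash") == "md5":
            findings.append(f"WARN: isakmp policy {num} uses des/md5; 3des or aes with sha is stronger")

    # 2. IPsec phase 2: a crypto map must be bound to outside; DES/MD5 transforms are weak.
    if not any(re.match(r"crypto map \S+ interface outside", l) for l in lines):
        findings.append("ERROR: no crypto map bound to the outside interface")
    for l in lines:
        m = re.match(r"crypto ipsec transform-set (\S+) (.+)", l)
        if m and ("esp-des" in m.group(2) or "esp-md5-hmac" in m.group(2)):
            findings.append(f"WARN: transform-set {m.group(1)} uses DES/MD5")

    # 3. NAT exemption: every split-tunnel ACL entry must be covered by the nat 0 ACL,
    #    otherwise inside-to-client traffic is translated by nat (inside) 1 instead of tunnelled.
    nonat_name = None
    for l in lines:
        m = re.match(r"nat \(inside\) 0 access-list (\S+)", l)
        if m:
            nonat_name = m.group(1)
    nonat = acls.get(nonat_name, [])
    if not nonat:
        findings.append("ERROR: no 'nat (inside) 0 access-list' exemption for VPN clients")
    pools = {m.group(1) for m in (re.match(r"ip local pool (\S+) ", l) for l in lines) if m}
    for name, attrs in _keyed(lines, r"vpngroup").items():
        if attrs.get("address-pool") not in pools:
            findings.append(f"ERROR: vpngroup {name} has no valid address-pool")
        split = attrs.get("split-tunnel")
        if not split:
            findings.append(f"INFO: vpngroup {name} has no split-tunnel (all client traffic is tunnelled)")
            continue
        if split not in acls:
            findings.append(f"ERROR: vpngroup {name} references missing ACL {split}")
            continue
        for src, dst in acls[split]:
            if not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in nonat):
                findings.append(f"ERROR: vpngroup {name}: {src} -> {dst} ({split}) is not exempt from NAT; add it to {nonat_name}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"== {label} ==")
        for f in lint(cfg):
            print(" ", f)
```

Run it against a saved copy of `show running-config` with `lint(open(path).read())`. On the constructed "before" sample it reports one ERROR (10.1.1.12 in SPLIT-execs has no NO-NAT entry) plus the two des/md5 warnings; on the "after" sample only the warnings remain, which mirrors the weekend change above.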


Glad you worked it out.