The PAT that the Watchguard is doing is stopping your IPSec packets. you can enable NAT-T on the PIx so that it and the VPn client will encapsulate the IPSec packets into UDP packets, which the Watchguard sould then be able to PAT properly.
The following v6.3 command on the PIX should get you going:
isakmp nat-traversal
Make sure the "Enable Transparent Tunnelling" checkbox is enabled on the VPN client connection properties also (should be on by default).