It depends on how granular you want to monitor. Finding the SNMP OID's for what you want out of the PIX can be hard, personally I usually use alternate methods............I may use MRTG (snmp based) to monitor the bandwidth and uptime on the PIX, but thats about it.

You can use NTOP and put it on a monitor/sniffer port behind your firewall.

Internet <--> PIX --> Hub --> Switch --> Users

NTOP http://www.ntop.org/ntop.html is a linux based application that monitors traffic flows at the host level, and is also very good for baselining your network.

I have had much success with Red Hat 7,8,9 and NTOP.

If you only want to monitor VPN Users and you have a specific pool allocated for them, you can use Berkely Packet Filters to drill it down

i.e.,

VPN Pool = 10.1.5.0/27

/usr/local/bin/ntop -i eth1 -u ntop -P /home/ntop -d -B "net 10.1.5.0/27)" -w 8000

where -w = Port you want NTOP's web server to listen on

-P = path to ntop database

-i = interface you want NTOP to listen on

-B = regular expression BPF filter

-u = user that the NTOP process runs under

If you are not comfortable installing and working with Linux, there is a image of a linux distro called OSSIM http://www.ossim.net/ . All you'll need to do is burn the image to a CD and once you install it, the bulk of the configuration is done.