Create an ACL to allow the traffic to pass? Assuming you're using esp and ike.
access-list 111 permit esp
access-list 111 permit udp
access-group 111 in interface outside
That will let it pass through un-natted. If you need to nat then you'll need to create a static nat.
Oh yeah, I just remembered, if the clients are using NAT traversal, you'll need to permit the UDP port being used - most often UDP 10000 but could be whatever port NAT-T is set to.