If you use ASDM:
- Configuration>Site-to-Site VPN>Advanced
- NAT transparency. (Check Enable IPsec over NAT-T)
- Optionally force to TCP with the Enable IPsec over TCP.
If you prefer the command line, in global configuration enter
crypto isakmp nat-traversal