Do you mean the pix as a vpn endpoint or allowing vpn through the pix?
If you mean to the pix then to allow ipsec to the outside interface issue the sysopt connection permit-ipsec which will bypass the pix ASA.
If you mean through the pix then you need to allow ESP protocol 50, AH protocol 51, and ISAKMP udp 500. Hope this helps.