You dont say which version of code you are running, and you dont say whether you use nat or pat, let's assume you are using 7.x code and nat, you would need:
1). static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255
2). access-list someacl extended permit udp any host x.x.x.x eq 1194
for PAT, replace #1 with:
static (inside,outside) udp interface 1194 y.y.y.y 1194 netmask 255.255.255.255
for 6.3, it would be:
Nat would be the same, then,
access-list someacl permit udp any host x.x.x.x netmask 255.255.255.255 eq 1194
Check the configuration guides for specifics. They can be found:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_installation_and_configuration_guides_list.html
I assume you are using openvpn so that you have sslvpn? If not, why not just terminate ipsec clients on your 501 (or upgrade to an ASA 5505 which WILL support sslvpn)? Seems kind of silly to pass vpn traffic THROUGH a device that was designed to terminate VPNs.