IPsec uses ISAKMP/IKE to negotiate the parameters.
This protocol (IKE) uses UDP port 500 (for src and destination).
IPsec is actually the combination of 2 things:
ESP and AH.
ESP uses the IP protocol number 50 and AH uses 51,
so your firewall should permit these ports/protocols.
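
An added example, not part of the original post: a small classifier for raw IPv4 packets that shows where a filter has to look for each kind of traffic. ESP and AH are matched on the protocol field of the IP header, and only IKE is matched on UDP ports. The function names and sample packets are constructed for illustration.

```python
import struct

IKE_PORT = 500                      # UDP, src and destination, as the post states
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51


def classify_ipv4(packet: bytes) -> str:
    """Return 'IKE', 'ESP', 'AH' or 'other' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4    # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "other"
    proto = packet[9]               # IP protocol number: a header field, not a port
    if proto == PROTO_ESP:
        return "ESP"
    if proto == PROTO_AH:
        return "AH"
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    # Only the first fragment of a UDP datagram carries the port numbers.
    if proto == PROTO_UDP and frag_offset == 0 and len(packet) >= ihl + 8:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if sport == IKE_PORT and dport == IKE_PORT:
            return "IKE"
    return "other"


def build_ipv4(proto: int, payload: bytes = b"") -> bytes:
    """Constructed sample packet 192.0.2.1 -> 198.51.100.1 (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload


def udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    """Constructed UDP header (checksum 0) followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


# Constructed samples; payload bytes are zero filler, not real IKE/ESP/AH content.
SAMPLES = {
    "ike": build_ipv4(PROTO_UDP, udp(500, 500, b"\x00" * 28)),
    "esp": build_ipv4(PROTO_ESP, b"\x00" * 16),
    "ah": build_ipv4(PROTO_AH, b"\x00" * 12),
    "dns": build_ipv4(PROTO_UDP, udp(40000, 53)),
    "tcp500": build_ipv4(PROTO_TCP, struct.pack("!HH", 500, 500) + b"\x00" * 16),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:8} -> {classify_ipv4(pkt)}")
```

The `tcp500` sample is classified as `other`: a rule written as "port 50" or "port 51", or one that matches port 500 without checking for UDP, does not describe this traffic.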