Basically, all you need is UDP port 500; NAT-T will do the rest.
Connections are initiated from the inside, and while everything is allowed in that direction, this should work by default.
If you have an access-list that limits traffic from inside to outside, you might need to allow this traffic.
Regards,
Leo