Since there are so many views of this topic, I am posting what finally worked for me and might help others.
Maybe Hoba adds it to his tutorial...
RULE: AH * * WAN address * * AH for IPsec
RULE: ESP * * WAN address * * ESP for IPsec
RULE: UDP * * WAN address 500 * UDP500 for IPsec
If you use the settings from pfSense (which is ESP as Phase 2 protocol), you don't need the AH rule.
Do not use any NAT rules; this is not necessary, and NAT traversal (NAT-T) of IPsec is a task on its own.
This usually would require UDP4500 and other things I am not familiar with.
Have a look here: http://en.wikipedia.org/wiki/NAT_traversal