I'm in the same boat.
PC with Cisco VPN client, configured for Group Auth, Tunneling IPSEC over UDP.
I'm unable to get the desktop client to work behind the PFSENSE box (tried 1.01 and todays CVS). If I put the VPN client in FRONT of the box, IE on the public IP, works first time, like a charm. Dialup, works find. Sprint Wireless Modem, works fine. Behind the PFSENSE box, no work.
I've tried NAT/Port forwarding, TCP/UDP 500, TCP/UDP 10000, ESP, etc. No work.
I'd be happy with EITHER the VPN client working, or the PFSense box establishing the connection. Either would serve what I need to accomplish. HELP!