I had to set up a Pix to Pix VPN tunnel where one of the Pixes had a dynamic IP Adress. Here is the sample configs:
Static Side (Pix):
access-list inside_outbound_nat0_acl permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_cryptomap_filial permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
ip address outside X.X.X.X Y.Y.Y.Y
nat (inside) 0 access-list inside_outbound_nat0_acl
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
isakmp enable outside
isakmp key 1234567890 address 0.0.0.0 netmask 0.0.0.0
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 1
isakmp policy 10 lifetime 86400
Dynamic Address (ASA):
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
access-list CRYPTO-TO-XXX extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list INSIDE_OUTBOUND_NAT0_ACL extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list INSIDE_OUTBOUND_NAT0_ACL
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map CRYPTO 10 match address CRYPTO-TO-XXX
crypto map CRYPTO 10 set pfs group1
crypto map CRYPTO 10 set peer X.X.X.X
crypto map CRYPTO 10 set transform-set ESP-3DES-SHA
crypto map CRYPTO interface outside
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encryption 3des
hash sha
group 1
lifetime 86400
crypto isakmp nat-traversal 20
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
pre-shared-key 1234567890
Source Links:
Configuring PIX to PIX Dynamic-to-Static IPSec with NAT and Cisco VPN Client
PIX/ASA 7.x PIX-to-PIX Dynamic-to-Static IPsec with NAT and VPN Client Configuration Example