need config help for site to site VPN. HeadOffice with Pix 515 with static public IP and Two branchOffice with dynamic Public IP. Branch office are equiped with 877 router
Here is a sample configuration with 1 dynamic peer and vpn client on PIX:
Just assume that vpn client is the second dynamic peer because essentially vpn client is also a dynamic peer. If you check the NAT exemption statement, the second ACL line would be towards the ip pool subnet assigned to the vpn client, so just assume that the second ACL line is towards your second dynamic peer LAN subnet.
Unfortunately there is no sample configuration with 2 dynamic lan-to-lan peers, however, the concept is the same on the above sample config.