dynamic-map is used when the vpn client has no fixed public ip. e.g. a remote user establishing vpn via a dial-up connection or a home adsl user that being assigned a different ip from the isp.
alternatively, providing both sites have static public ips, then you can configure lan-lan vpn, which involves normal crypto map rather than dynamic crypto map.
the main difference between the two is that with normal crypto map (i.e. lan-lan), either sites can initiate the vpn; whereas with dynamic crypto map (i.e remote vpn client or ezvpn), only the client can initiate the vpn. nonetheless, once the vpn is fully established, both sites can access each other according to the crypto acl.
regarding the issue #2, the first statement is to remove the relation between the acl and the dynamic crypto map only, the acl will be sitting in the config; whereas the second statement is to delete the acl completely.
imagine the same acl has been shared by the dynamic crypto map and the no-nat. in that case, you don't want to use the second statement becase it will affect both dynmaic crypto map as well as the no-nat; thus you will use the first statement to just remove the mapping between the dynamic crypto map and the acl, and leave the acl in the pix config (for no-nat).
in fact, (from memory only) i don't think you can delete the acl without removing all the mapping/relationship. pix will report an error.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...