For those of us who like it simple, I thought I would post the config statements for a Static-DHCP IPsec tunnel using pre-shared keys.

Peer1 has 1.1.1.1 assigned static to eth0 and 10.0.0.0/24 on the inside eth1.
Peer2 has a DHCP address on eth0 and 10.0.1.0/24 on the inside eth1.

Peer2 will need to send an ID to Peer1 since you won't have an address to rely upon. This ID is arbitrary as far as I know but must begin with @. Also, if you are using SNATs on either end you will need to exclude the remote network as a destination for the SNAT. See below.

Peer1

Code:
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec ike-group ikegroup1 proposal 1
set vpn ipsec ike-group ikegroup1 proposal 1 encryption aes128
set vpn ipsec ike-group ikegroup1 proposal 1 hash sha1
set vpn ipsec ike-group ikegroup1 proposal 2 encryption aes128
set vpn ipsec ike-group ikegroup1 proposal 2 hash sha1
set vpn ipsec ike-group ikegroup1 lifetime 3600
set vpn ipsec esp-group espgroup1 proposal 1
set vpn ipsec esp-group espgroup1 proposal 1 encryption aes128
set vpn ipsec esp-group espgroup1 proposal 1 hash sha1
set vpn ipsec esp-group espgroup1 proposal 2 encryption 3des
set vpn ipsec esp-group espgroup1 proposal 2 hash md5
set vpn ipsec esp-group espgroup1 lifetime 1800
set vpn ipsec site-to-site peer @PEER2ID authentication mode pre-shared-secret
set vpn ipsec site-to-site peer @PEER2ID authentication pre-shared-secret SomeRandomKey
set vpn ipsec site-to-site peer @PEER2ID ike-group ikegroup1
set vpn ipsec site-to-site peer @PEER2ID local-ip 1.1.1.1
set vpn ipsec site-to-site peer @PEER2ID tunnel 1 local-subnet 10.0.0.0/24
set vpn ipsec site-to-site peer @PEER2ID tunnel 1 remote-subnet 10.0.1.0/24
set vpn ipsec site-to-site peer @PEER2ID tunnel 1 esp-group espgroup1

Peer2

Code:
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec ike-group ikegroup1 proposal 1
set vpn ipsec ike-group ikegroup1 proposal 1 encryption aes128
set vpn ipsec ike-group ikegroup1 proposal 1 hash sha1
set vpn ipsec ike-group ikegroup1 proposal 2 encryption aes128
set vpn ipsec ike-group ikegroup1 proposal 2 hash sha1
set vpn ipsec ike-group ikegroup1 lifetime 3600
set vpn ipsec esp-group espgroup1 proposal 1
set vpn ipsec esp-group espgroup1 proposal 1 encryption aes128
set vpn ipsec esp-group espgroup1 proposal 1 hash sha1
set vpn ipsec esp-group espgroup1 proposal 2 encryption 3des
set vpn ipsec esp-group espgroup1 proposal 2 hash md5
set vpn ipsec esp-group espgroup1 lifetime 1800
set vpn ipsec site-to-site peer 1.1.1.1 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 1.1.1.1 authentication pre-shared-secret SomeRandomKey
set vpn ipsec site-to-site peer 1.1.1.1 authentication id @PEER2ID
set vpn ipsec site-to-site peer 1.1.1.1 ike-group ikegroup1
set vpn ipsec site-to-site peer 1.1.1.1 local-ip 0.0.0.0
set vpn ipsec site-to-site peer 1.1.1.1 tunnel 1 local-subnet 10.0.1.0/24
set vpn ipsec site-to-site peer 1.1.1.1 tunnel 1 remote-subnet 10.0.0.0/24
set vpn ipsec site-to-site peer 1.1.1.1 tunnel 1 esp-group espgroup1

NAT Example

Peer2 also happens to be using a Masquerade NAT which translates anything from 10.0.1.0/24 to the DHCP-assigned address on eth0. You must exclude traffic to the remote network from being NAT'ed.

Code:
rule 1 {
    destination {
        address !10.0.0.0/24
    }
    outbound-interface eth1
    source {
        address 10.0.1.0/24
    }
    type masquerade
}
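An added example, not part of the original post: a small Python check that parses the `set vpn ipsec` lines of both peers, confirms that the pre-shared secret, the proposals and the tunnel subnets mirror each other, and reports the 3des/md5 ESP proposal 2 that both peers will still accept. The embedded configs are a constructed subset of the commands above; the function names and the flagged-algorithm set are assumptions of this example.

```python
import re

# Constructed sample: a subset of the commands posted above for each peer.
ESP = """set vpn ipsec esp-group espgroup1 proposal 1 encryption aes128
set vpn ipsec esp-group espgroup1 proposal 1 hash sha1
set vpn ipsec esp-group espgroup1 proposal 2 encryption 3des
set vpn ipsec esp-group espgroup1 proposal 2 hash md5
"""
PEER1 = ESP + """set vpn ipsec site-to-site peer @PEER2ID authentication pre-shared-secret SomeRandomKey
set vpn ipsec site-to-site peer @PEER2ID tunnel 1 local-subnet 10.0.0.0/24
set vpn ipsec site-to-site peer @PEER2ID tunnel 1 remote-subnet 10.0.1.0/24
"""
PEER2 = ESP + """set vpn ipsec site-to-site peer 1.1.1.1 authentication pre-shared-secret SomeRandomKey
set vpn ipsec site-to-site peer 1.1.1.1 tunnel 1 local-subnet 10.0.1.0/24
set vpn ipsec site-to-site peer 1.1.1.1 tunnel 1 remote-subnet 10.0.0.0/24
"""
FLAGGED = {"3des", "md5"}  # assumption of this example: algorithms to report
PROPOSAL = re.compile(r"set vpn ipsec (ike|esp)-group (\S+) proposal (\d+) (encryption|hash) (\S+)$")
SUBNET = re.compile(r"set vpn ipsec site-to-site peer \S+ tunnel (\d+) (local|remote)-subnet (\S+)$")
SECRET = re.compile(r"set vpn ipsec site-to-site peer \S+ authentication pre-shared-secret (\S+)$")

def parse(cfg):
    """Return (proposals, tunnel subnets, pre-shared secret) from set commands."""
    proposals, subnets, secret = {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := PROPOSAL.match(line):
            proposals[m.groups()[:4]] = m.group(5)
        elif m := SUBNET.match(line):
            subnets[(m.group(1), m.group(2))] = m.group(3)
        elif m := SECRET.match(line):
            secret = m.group(1)
    return proposals, subnets, secret

def audit(cfg_a, cfg_b):
    """Compare two peers' configs; return a list of human-readable findings."""
    (prop_a, net_a, key_a), (prop_b, net_b, key_b) = parse(cfg_a), parse(cfg_b)
    findings = []
    if prop_a != prop_b:
        findings.append("IKE/ESP proposals differ between peers")
    if key_a != key_b:
        findings.append("pre-shared-secret differs between peers")
    for (num, side), net in sorted(net_a.items()):
        mirror = "remote" if side == "local" else "local"
        if net_b.get((num, mirror)) != net:
            findings.append(f"tunnel {num}: {side}-subnet {net} is not the peer's {mirror}-subnet")
    for (kind, group, num, field), alg in sorted(prop_a.items()):
        if alg in FLAGGED:
            findings.append(f"{kind}-group {group} proposal {num}: {field} {alg} is deprecated")
    return findings
```

Calling `audit(PEER1, PEER2)` on the configs as posted returns only the two findings for ESP proposal 2; a mistyped subnet or secret on either side adds a mismatch finding.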