If you have two Cisco ASAs, you can configure one end (usually a dynamic IP end) to do "Easy VPN", which basically lets the dynamic ASA use the remote access VPN (group name, PSK, username, password) to connect. It looks like pfSense can be the static end, but can it be the dynamic client end? In other words, I want to setup a dynamic-to-static site-to-site VPN tunnel, and have pfSense be the dynamic end, and have it use IPSec with xauth (group name, PSK, username, password), instead of the plain IPSec site-to-site VPN tunnel.
Mainly this simplifies the Cisco ASA configuration, so I can setup a new dynamic-to-static VPN tunnel without having to make any changes on the main office Cisco ASA end. If pfSense can do this that would be an amazing tool to be able to setup VPN tunnels in a snap.