If the branch offices do not have fixed IPs there is not much you can do about this on the firewall.
You need to add a route on your firewall that directs all traffic to the destination IPs of these VPNs to be forwarded to some IP address that is reachable from your second interface (i.e. the IP address of some device connected to your firewall's second interface). Any traffic that arrives FROM these branch offices needs to arrive on this second interface also (e.g. the traffic needs to be routed to you over this second interface by other devices outside of your firewall). That should happen anyway, as the destination IP of packets from those branch offices would be the IP of your second interface and should come in on that interface.
The firewall cannot route packets based on policy (i.e. HTTP traffic goes out this route and VPN traffic goes out this other route). It can only route packets based on destination address. Every time the IP address of the branch office changes you would have to change the route on the firewall.
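To make the destination-only behaviour described above concrete, here is an added example (not from the thread or from any McAfee product) that models a routing table with longest-prefix-match lookup. The interface names, next hops and branch-office addresses are constructed sample values. The lookup takes nothing but the destination address, so HTTP and VPN traffic to the same host always leave by the same route, and when a branch office's public IP changes the old /32 route silently stops matching and the traffic falls back to the default route until the route is edited by hand.

```python
import ipaddress

# Constructed routing table: (destination prefix, next hop, egress interface).
# All addresses are documentation ranges chosen for the example, not real ones.
ROUTES = [
    ("0.0.0.0/0",        "192.0.2.1",    "if1"),  # default route via first interface
    ("203.0.113.10/32",  "198.51.100.1", "if2"),  # branch office A via second interface
    ("203.0.113.20/32",  "198.51.100.1", "if2"),  # branch office B via second interface
]


def build_table(routes=ROUTES):
    """Parse the textual prefixes into ip_network objects once."""
    return [(ipaddress.ip_network(prefix), nh, ifc) for prefix, nh, ifc in routes]


def lookup(table, dst):
    """Destination-based routing: the most specific prefix containing dst wins.

    Only the destination address is consulted; protocol, port or source are
    deliberately not parameters, which is the limitation the answer describes.
    Returns (next_hop, interface) or None if no route matches.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for net, nh, ifc in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, ifc)
    return (best[1], best[2]) if best else None


def replace_branch_route(table, old_ip, new_ip):
    """Manual maintenance step: swap the /32 route for a branch whose IP changed.

    Returns a new table; the old host route is dropped and the new one inherits
    its next hop and interface. Raises if no host route for old_ip exists.
    """
    old_net = ipaddress.ip_network(f"{old_ip}/32")
    new_net = ipaddress.ip_network(f"{new_ip}/32")
    updated, found = [], False
    for net, nh, ifc in table:
        if net == old_net:
            updated.append((new_net, nh, ifc))
            found = True
        else:
            updated.append((net, nh, ifc))
    if not found:
        raise KeyError(f"no host route for {old_ip}")
    return updated


if __name__ == "__main__":
    table = build_table()
    print("branch A:", lookup(table, "203.0.113.10"))   # via if2
    print("internet:", lookup(table, "198.51.100.77"))  # default route via if1
    # Branch A's dynamic IP changes: its traffic now takes the default route.
    print("new IP before fix:", lookup(table, "203.0.113.11"))
    table = replace_branch_route(table, "203.0.113.10", "203.0.113.11")
    print("new IP after fix:", lookup(table, "203.0.113.11"))
```

Running the block shows the failure mode in the thread: the moment a branch office's address moves, its packets leave by the first interface until an administrator edits the route, which is why dynamic branch addresses and pure destination routing do not combine well.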
That is very bad news for me.
The first interface is the incoming interface for my VPN teleworkers. Regarding this thread https://community.mcafee.com/message/220763#220763 I have switched on NAT-T on this interface for a working rekeying procedure with the shrewsoft client.
But now my branch offices are offline on this interface. My workaround for this was a separate interface for the branch offices.
Now I have no idea how to deal with VPN teleworkers and VPN branch offices :-(
Can someone help me with this please?
Thanks in advance