Yes, it is possible. Your head end should have a static IP, while the remote end can have a dynamic IP. The head end should be configured with a dynamic crypto map. But the head end would not be able to trigger connections; only the remote site can trigger the tunnel. A sample config at the head end would be:
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key ********** address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 30
!
crypto ipsec security-association idle-time 60
!
crypto ipsec transform-set test esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map l2lipsec 10
 set transform-set test
 match address 124
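
The sample above stops at the dynamic map, so the following added example (not part of the original post) shows the remaining pieces: binding the dynamic map at the head end, and a matching remote-site configuration. The map names HQMAP and TOHQ, the interface names, ACL 125, the address 203.0.113.1, the 10.x subnets and the key placeholder are all assumptions.

```cisco
! --- Head end (static IP): bind the post's dynamic map and apply it ---
! HQMAP, the interface name, 203.0.113.1 and the 10.x subnets are assumed.
crypto map HQMAP 10 ipsec-isakmp dynamic l2lipsec
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 crypto map HQMAP
!
! ACL 124 referenced by the dynamic map: head-end LAN -> remote LAN
access-list 124 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
! --- Remote site (dynamic IP): static crypto map pointing at the head end ---
! Phase 1 and phase 2 settings copy the post's sample because both ends
! must agree; change them on both routers together if stronger algorithms
! are supported.
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
! The head end's wildcard key (address 0.0.0.0 0.0.0.0) is accepted from
! any source address, so this pre-shared key is all that authenticates a peer.
! <pre-shared-key> is a placeholder for the same key configured there.
crypto isakmp key <pre-shared-key> address 203.0.113.1
crypto isakmp keepalive 30
!
crypto ipsec transform-set test esp-3des esp-sha-hmac
!
! The remote knows the head end's fixed address, so it can initiate.
crypto map TOHQ 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set test
 match address 125
!
interface GigabitEthernet0/0
 ip address dhcp
 crypto map TOHQ
!
! Mirror image of the head end's ACL 124: remote LAN -> head-end LAN
access-list 125 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
```

Traffic from the remote LAN matching ACL 125 is what brings the tunnel up; `show crypto isakmp sa` and `show crypto ipsec sa` on either router confirm that the security associations exist.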