Cisco ASA Site-to-Site IKEv1 IPsec VPN Dynamic Peer

Hello Justin

In a typical setup for a site-to-site IPsec VPN using Cisco ASA, you don’t need specific static routes for the remote IPs that are used in phase 2 selectors. The phase 2 “selectors” are essentially the defined address ranges within the crypto ACL that specify the interesting traffic for the VPN. These are the subnets or hosts you wish to protect by the VPN.

When traffic matches the criteria specified in that ACL, the VPN is invoked and the traffic is sent over the tunnel.

The Cisco ASA will route traffic based on its routing table. It checks the destination of the packet and finds the egress interface. If the traffic matches the interesting traffic defined for a VPN tunnel, then the traffic is encrypted and sent through the tunnel. Otherwise, it is routed normally as per the routing table.

So in the context of a dynamic peer setup, where the remote IP can change, the most important factor is the crypto ACL or the “selectors” for the IPsec tunnel, not the static route. You should configure your ACLs to match the expected traffic from your network to the dynamic peer networks.

Your default gateway towards the WAN IP will route normal traffic, and not traffic that is matched by the ACL. That traffic will be encrypted and will be sent through the VPN tunnel. If traffic matches such an ACL, no routing information is necessary, since the VPN is a point-to-point construct. This is further illustrated in this NetworkLessons note about VPN default gateways for clients.

I hope this has been helpful!

Laz
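To make the point above concrete, here is an added example of an ASA IKEv1 site-to-site configuration for a dynamic (unknown-address) peer. It is not taken from the original post or from the NetworkLessons lesson; the interface names, subnets, next hop, object and map names, and the pre-shared key are assumptions chosen for illustration. The only route present is the default route; the crypto ACL on the dynamic map is what decides which traffic gets encrypted.

```cisco
! --- Phase 1 (IKEv1) on the outside interface (interface name assumed) ---
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 14
 lifetime 86400

! --- Interesting traffic / phase 2 selectors (subnets assumed) ---
! Local LAN behind this ASA and the LAN behind the dynamic peer.
object network LOCAL-LAN
 subnet 192.168.1.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.2.0 255.255.255.0

access-list VPN-ACL extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

! NAT exemption so VPN traffic keeps its real source/destination addresses.
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup

! --- Phase 2 (IPsec) ---
crypto ipsec ikev1 transform-set TS-AES256-SHA esp-aes-256 esp-sha-hmac

! Dynamic crypto map: no "set peer" because the remote address is not known.
! "match address" restricts which proxy IDs the peer may negotiate.
crypto dynamic-map DYN-MAP 10 match address VPN-ACL
crypto dynamic-map DYN-MAP 10 set ikev1 transform-set TS-AES256-SHA
crypto dynamic-map DYN-MAP 10 set pfs group14

! Static entries (if any) go first; the dynamic map takes the highest sequence
! number so it is evaluated last.
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside

! Dynamic IKEv1 peers land in the default L2L tunnel group.
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key REPLACE-WITH-A-LONG-RANDOM-KEY

! The only route needed: a default route out the outside interface
! (next hop assumed). No route to 192.168.2.0/24 is configured.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
```

Two caveats worth keeping in mind with this layout. First, because the ASA does not know the peer's address, it cannot initiate the tunnel; the dynamic peer must bring it up, so traffic from 192.168.1.0/24 towards 192.168.2.0/24 will be dropped until the remote side has negotiated the SA. Second, the pre-shared key under DefaultL2LGroup is offered to every peer that connects as a dynamic peer, so it should be long and random and rotated when a site is decommissioned. After the remote side connects, `show crypto ikev1 sa` and `show crypto ipsec sa` show the negotiated peer and the encrypted/decrypted counters for the selectors in VPN-ACL.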