Symptom
-Within a DMVPN Phase 3 configuration, if a Spoke receives an NHRP Resolution Request it will create an "implicit" with the requester's information:
Spoke1#show ip nhrp
10.1.1.2/32 via 10.1.1.2
Tunnel0 created 00:00:03, expire 00:04:56
Type: dynamic, Flags: router implicit nhop nf
NBMA address: 172.16.2.1
(no-socket)
-In a properly operating scenario, the responding Spoke will delay the NHRP Resolution Reply, initiate crypto to the requesting Spoke, and an IPsec tunnel will be established in order to send the previously-delayed NHRP Resolution Reply with the requested information
-If crypto fails to build for any reason, every 60 seconds the responding Spoke will process the delayed NHRP Resolution Request/Response, refresh the implicit NHRP entry, and initiate crypto
Conditions
-DMVPN Spoke with Phase 3 configuration
-Crypto negotiation fails on NHRP responder/crypto intiator for any reason
Workaround
-Manually clearing the stuck implicit entry will cause the NHRP process to start over whenever a Spoke-to-Spoke tunnel is needed
-If crypto builds properly, this symptom will not occur
