I've a DMVPN up and running but if a node gets an other IP-address of the ISP or a router (node or hub) reloads it takes 2 - 3 hours before a new connection is established.

I believe it's a timer problem (especially IPsec) But there are a lot of timers (and they influend each other)

Node config::

crypto ipsec transform-set transform_dk esp-3des esp-sha-hmac

mode transport

!

crypto ipsec profile profile_dk

set security-association lifetime second 86400

set security-association idle-time 150

set transform-set transform_dk

interface Tunnel1

description --- DMVPN tunnel ---

ip address 10.132.136.1 255.255.192.0

no ip redirects

ip mtu 1428

ip nhrp authentication password

ip nhrp map multicast 194.x.x.25

ip nhrp map 10.132.128.1 194.x.x.25

ip nhrp network-id 1000

ip nhrp holdtime 300

ip nhrp nhs 10.132.128.1

ip hello-interval eigrp 1 30

ip hold-time eigrp 1 65

qos pre-classify

tunnel source BVI1

tunnel mode gre multipoint

tunnel key 1000

tunnel protection ipsec profile profile_dk

Which are the optimal values for next timers???

ip nhrp holdtime 300

set security-association lifetime second 86400

set security-association idle-time 150

ip hello-interval eigrp 1 30

ip hold-time eigrp 1 65

I haven't found a description from how these timers influend each other. Is there a description?