vpn tunnel not coming up after a reboot/power cycle on DHCP public

rungemach
Level 1

The issue is with the vpn tunnel not coming up after a reboot/power cycle

We have been having issues on 2811-ISR, as EZ VPN remotes, with Net-extension mode set to auto, when the outside interface is set for DHCP and not static. A disable/enable of the interface resolves the issue immediately.

The testing log below shows what we are seeing. My guess is that the outside interface hasn't completely come up by the time the tunnel setup is initiated.

We have tested both inside our lab as well as outside using DSL and cable circuits. We can repeat this 100% of the time with DHCP. There is no issue with statically assigned IP addresses. Unfortunately 35% of the offices receiving these equipment upgrades have DHCP assigned IP addresses. It doesn't seem to matter if the router keeps or changes its outside address on boot.

Is there a way to delay the tunnel initialization?

Remote Equipment is 2811-HSEC/K9 running 12.4(2)T4

000081: *Jun 15 08:10:54.723 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/13, changed state to up

000082: *Jun 15 08:11:00.967 PCTime: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address xxx.xxx.10.193, mask 255.255.255.0, hostname User-ID

000083: *Jun 15 08:11:26.639 PCTime: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xxx.xxx.10.193, prot=50, spi=0x888888888(222222222), srcaddr=xxx.xxx.203.230

000084: *Jun 15 08:11:57.355 PCTime: %CRYPTO-4-IKMP_NO_SA: IKE message from xxx.xxx.203.230 has no SA and is not an initialization offer
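
To triage the same pattern across many remote routers, the following added example (not part of the original post, and not Cisco code) scans IOS syslog text for a DHCP lease that is followed within a time window by the two crypto messages seen above, which indicate the peer is sending traffic for SAs the router does not hold. The function name, the 5-minute window and the sample addresses (documentation ranges) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the log above; addresses are documentation-range placeholders.
SAMPLE = """\
000082: *Jun 15 08:11:00.967 PCTime: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 192.0.2.193, mask 255.255.255.0, hostname User-ID
000083: *Jun 15 08:11:26.639 PCTime: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=192.0.2.193, prot=50, spi=0x888888888(222222222), srcaddr=198.51.100.230
000084: *Jun 15 08:11:57.355 PCTime: %CRYPTO-4-IKMP_NO_SA: IKE message from 198.51.100.230 has no SA and is not an initialization offer
"""

# Line layout: "*Mon DD HH:MM:SS.mmm TZ: %FACILITY-SEV-MNEMONIC: text"
LINE = re.compile(r"\*?(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) \S+: %([A-Z0-9_]+-\d-[A-Z0-9_]+): (.*)")
PEER = re.compile(r"(?:srcaddr=|IKE message from )(\S+)")
NO_SA_EVENTS = {"CRYPTO-4-RECVD_PKT_INV_SPI", "CRYPTO-4-IKMP_NO_SA"}

def crypto_errors_after_lease(log_text, window=timedelta(minutes=5)):
    """Return one finding per DHCP lease followed, within `window`, by no-SA crypto errors."""
    findings, lease = [], None
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        # IOS omits the year; strptime defaults it, which is fine for deltas within one log.
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S.%f")
        event, text = m.group(2), m.group(3)
        if event == "DHCP-6-ADDRESS_ASSIGN":
            addr = re.search(r"DHCP address (\S+),", text)
            lease = {"time": ts, "address": addr.group(1) if addr else None,
                     "peers": set(), "events": [], "first_error_s": None}
            findings.append(lease)
        elif lease and event in NO_SA_EVENTS:
            delay = (ts - lease["time"]).total_seconds()
            if not 0 <= delay <= window.total_seconds():
                continue  # outside the window, or timestamps went backwards
            if lease["first_error_s"] is None:
                lease["first_error_s"] = delay
            lease["events"].append(event)
            peer = PEER.search(text)
            if peer:
                lease["peers"].add(peer.group(1))
    return [f for f in findings if f["events"]]

if __name__ == "__main__":
    for f in crypto_errors_after_lease(SAMPLE):
        print(f["address"], sorted(f["peers"]), f["events"], f["first_error_s"])
```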
