On a 3725 running C3725-ADVSECURITYK9-M, Version 12.4(5a), we have two different DMVPN tunnels configured, each on a different external IP address. They use NHRP and IPSEC. CEF is enabled on the router.
On one tunnel, several routers are connected and eigrp is used as a routing protocol. All those routers can communicate to eachother via the central router.
One of the leaf nodes connects to the second DMVPN tunnel and a static routing is used there. It can communicate with the central site without problems, but it cannot talk to the routers connected to the other DMVPN tunnel.
It looks like the traffic cannot hop from one DMVPN tunnel end to the other inside the central site router, but it routes OK to the other interfaces in that router. There are also some "standard" IPSEC tunnels (not DMVPN) defined in that router, and traffic routes there too.
It does not appear there are any access list rules that are matching (looking at counters for deny rules).
What could be going on here? A bug, or something that has to be configured to allow this routing?
With older versions of IOS I saw issues like this (like not being able to route from one "standard" IPSEC tunnel into another) when CEF was enabled, and disabling CEF fixed that, but those seemed to be cured. I don't want to disable CEF right now.