Cisco – Why isn’t the ip helper-address helping

cisco, cisco-vpn, dhcp, ip, udp

I have a hub site with a Cisco 2811 and several remote sites, running a mixture of Cisco 851 and 871 routers configured for site-to-site VPN. I am in the process of adding DHCP scopes and DNS zones for the remote computers to enable easier management, and have several of these sites successfully pulling IP addresses and registering in DNS at the central site. Here's a sample of the spoke config from a working site, which I copied to another site (10.30.1.1):

interface Vlan1
 description Site 302
 ip address 10.30.2.1 255.255.255.0
 ip helper-address 172.16.0.1
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452

And here's the UDP packet debug from the non-working site, 10.30.1.1, which has identical configuration (hardware and software, both Cisco 870 running c870-advipservicesk9-mz.124-15.T7). As you can see, the router is correctly packing up the broadcast from a CPU sending a DHCP broadcast and sending it on to the helper address.

000150: .Nov 16 20:50:33.752: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=308
000151: .Nov 16 20:50:33.752: UDP: sent src=10.30.1.1(67), dst=172.16.0.1(67), length=308
000152: .Nov 16 20:50:38.862: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=263
000153: .Nov 16 20:50:38.866: UDP: sent src=10.30.1.1(67), dst=172.16.0.1(67), length=263
000154: .Nov 16 20:50:49.683: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=308
000155: .Nov 16 20:50:49.683: UDP: sent src=10.30.1.1(67), dst=172.16.0.1(67), length=308

But at this site, the helper address never replies, or the replies never get through. I have not yet put a monitor on the DHCP server, as I'm out at the spoke site…that's the next step. But all the access-lists are the same, and what's more, communication to the DHCP server, say, via remote desktop, works flawlessly. Database connections to servers at central site are fine. Every form of communication works, TCP or UDP, except DHCP queries.

So, what have I missed? The DHCP server is a Windows 2008 server and has several scopes on it already. Is there a limit to the total number of scopes allowed? I didn't think so.
Obviously the scope is activated. The addresses match. The same DHCP server is happily serving addresses to all the other remote sites.

Best Answer

Double-check your scope on the DHCP server. It almost sounds like DHCP is not seeing a valid scope definition for this subnet. Make sure your router address is correct in the scope options.

Try removing the scope and re-adding it from scratch to see if you may have something entered incorrectly that you're not seeing.
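The check suggested in this answer, as an added example that is not part of the original post: a DHCP server picks the scope for a relayed request from the relay agent address, so a relay address that falls inside no scope subnet gets no offer. The script pulls the relay addresses out of the `debug ip udp` lines quoted in the question and tests them against a scope list; the scope list and the "Site 301" name are constructed for illustration, and the relay address is assumed to equal the source address in the "sent" lines.

```python
import ipaddress
import re

# Matches the "sent" lines of the `debug ip udp` output quoted in the question.
SENT_RE = re.compile(
    r"UDP: sent src=(?P<src>[\d.]+)\((?P<sport>\d+)\), "
    r"dst=(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def relayed_requests(debug_text):
    """Return the set of (relay, server) address pairs for relayed DHCP packets."""
    pairs = set()
    for line in debug_text.splitlines():
        m = SENT_RE.search(line)
        # A relayed request goes out from port 67 to port 67 (bootps to bootps).
        if m and m["sport"] == "67" and m["dport"] == "67":
            pairs.add((ipaddress.ip_address(m["src"]),
                       ipaddress.ip_address(m["dst"])))
    return pairs

def matching_scope(relay, scopes):
    """Return the name of the scope whose subnet contains the relay, else None."""
    for name, cidr in scopes.items():
        if relay in ipaddress.ip_network(cidr):
            return name
    return None

def audit(debug_text, scopes):
    """Map each relay address seen in the debug output to its scope, or None."""
    return {str(relay): matching_scope(relay, scopes)
            for relay, _server in relayed_requests(debug_text)}

# Debug lines copied from the question.
DEBUG = """\
000150: .Nov 16 20:50:33.752: UDP: rcvd src=0.0.0.0(68), dst=255.255.255.255(67), length=308
000151: .Nov 16 20:50:33.752: UDP: sent src=10.30.1.1(67), dst=172.16.0.1(67), length=308
000153: .Nov 16 20:50:38.866: UDP: sent src=10.30.1.1(67), dst=172.16.0.1(67), length=263
"""

# Constructed scope list (not from the page): the second entry simulates a
# mistyped subnet for the failing site.
SCOPES = {"Site 302": "10.30.2.0/24", "Site 301 (mistyped)": "10.30.11.0/24"}

if __name__ == "__main__":
    for relay, scope in audit(DEBUG, SCOPES).items():
        print(f"relay {relay}: {scope or 'NO MATCHING SCOPE, server will not offer'}")
```
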
