1. The Cisco ASA support dhcp-relay function. The below lab is demonstrated on GNS3, ASA version is ASAv961

2.Topology:

3.Configuration on ASA:!interface GigabitEthernet0/0nameif dmzsecurity-level 95ip address 198.51.100.1 255.255.255.0!interface GigabitEthernet0/1nameif insidesecurity-level 90ip address 192.0.2.1 255.255.255.0dhcprelay server 198.51.100.2!dhcprelay server 198.51.100.2 dmzdhcprelay enable insidedhcprelay setroute insidedhcprelay timeout 60!Configuration on DHCP Server:

!

interface Ethernet0/0ip address 198.51.100.2 255.255.255.0!ip route 192.0.2.0 255.255.255.0 198.51.100.1

!

ip dhcp excluded-address 192.0.2.1 192.0.2.2ip dhcp excluded-address 192.0.2.10 192.0.2.254!ip dhcp pool POOL1import allnetwork 192.0.2.0 255.255.255.0dns-server 192.0.2.10 192.0.2.11domain-name cisco.comdefault-router 198.51.100.2!

4.Debugging

on DHCP server: # debug ip dhcp server packet

show ip dhcp binding

# clear ip dhcp binding *                                                     # show ip dhcp server statics

on ASA relay-agent: # debug dhcprelay event

debug dhcprelay packet

5. Output
   ASA
   DHCPD/RA: Relay msg received, fip=ANY, fport=0 on inside interface
   DHCP: Received a BOOTREQUEST from interface 4 (size = 364)
   DHCPD/RA: Binding successfully added to hash table
   DHCPRA: relay binding created for client 0050.7966.6801.
   DHCPRA: setting giaddr to 192.0.2.1.
   dhcpd_forward_request: request from 0050.7966.6801 forwarded to 198.51.100.2.
   DHCPD/RA: Relay msg received, fip=ANY, fport=0 on dmz interface
   DHCP: Received a BOOTREPLY from relay interface 3 (size = 301, xid = 0xd48a2408) at 01:41:39 UTC Sun Jul 15 2018
   DHCPRA: relay binding found for client 0050.7966.6801.
   DHCPD/RA: creating ARP entry (192.0.2.3, 0050.7966.6801).
   DHCPRA: Adding rule to allow client to respond using offered address 192.0.2.3
   DHCPRA: forwarding reply to client 0050.7966.6801.
   DHCPD/RA: Relay msg received, fip=ANY, fport=0 on inside interface
   DHCP: Received a BOOTREQUEST from interface 4 (size = 364)
   DHCPRA: relay binding found for client 0050.7966.6801.
   DHCPRA: Server requested by client 198.51.100.2
   DHCPRA: setting giaddr to 192.0.2.1.
   DHCPRA: Server request counter 1
   dhcpd_forward_request: request from 0050.7966.6801 forwarded to 198.51.100.2.
   DHCPD/RA: Relay msg received, fip=ANY, fport=0 on dmz interface
   DHCP: Received a BOOTREPLY from relay interface 3 (size = 301, xid = 0xd48a2408) at 01:41:40 UTC Sun Jul 15 2018
   DHCPRA: relay binding found for client 0050.7966.6801.
   DHCPRA: exchange complete - relay binding deleted for client 0050.7966.6801.
   DHCPD/RA: Binding successfully deactivated
   DHCPRA: returned relay binding 192.0.2.1/0050.7966.6801 to address pool.
   dhcpd_destroy_binding() removing NP rule for client 192.0.2.1
   DHCPD/RA: free ddns info and binding
   DHCPD/RA: creating ARP entry (192.0.2.3, 0050.7966.6801).
   DHCPRA: forwarding reply to client 0050.7966.6801.

DHCP SERVER debugging output:

DHCPserver#Jul 15 01:41:45.067: DHCPD: client's ××× is .

Jul 15 01:41:45.067: DHCPD: No option 125Jul 15 01:41:45.067: DHCPD: DHCPDISCOVER received from client 0100.5079.6668.01 through relay 192.0.2.1.

Jul 15 01:41:45.067: DHCPD: Sending DHCPOFFER to client 0100.5079.6668.01 (192.0.2.3).Jul 15 01:41:45.067: DHCPD: no option 125

Jul 15 01:41:45.067: DHCPD: unicasting BOOTREPLY for client 0050.7966.6801 to relay 192.0.2.1.Jul 15 01:41:46.061: DHCPD: client's ××× is .

Jul 15 01:41:46.061: DHCPD: No option 125Jul 15 01:41:46.061: DHCPD: DHCPREQUEST received from client 0100.5079.6668.01.

Jul 15 01:41:46.061: DHCPD: Appending default domain from poolJul 15 01:41:46.061: DHCPD: Using hostname 'PC-21.cisco.com.' for dynamic update (from hostname option)

Jul 15 01:41:46.061: DHCPD: Sending DHCPACK to client 0100.5079.6668.01 (192.0.2.3).DHCPD: Setting only requested parameters

Jul 15 01:41:46.061: DHCPD: no option 125

Jul 15 01:41:46.061: DHCPD: unicasting BOOTREPLY for client 0050.7966.6801 to relay 192.0.2.1.DHCPserver#

Reference and Further reading: