1. The Cisco ASA support dhcp-relay function. The below lab is demonstrated on GNS3, ASA version is ASAv961

2.Topology:

3.Configuration on ASA: ! interface GigabitEthernet0/0 nameif dmz security-level 95 ip address 198.51.100.1 255.255.255.0 ! interface GigabitEthernet0/1 nameif inside security-level 90 ip address 192.0.2.1 255.255.255.0 dhcprelay server 198.51.100.2 ! dhcprelay server 198.51.100.2 dmz dhcprelay enable inside dhcprelay setroute inside dhcprelay timeout 60 ! Configuration on DHCP Server:

! interface Ethernet0/0 ip address 198.51.100.2 255.255.255.0 ! ip route 192.0.2.0 255.255.255.0 198.51.100.1

! ip dhcp excluded-address 192.0.2.1 192.0.2.2 ip dhcp excluded-address 192.0.2.10 192.0.2.254 ! ip dhcp pool POOL1 import all network 192.0.2.0 255.255.255.0 dns-server 192.0.2.10 192.0.2.11 domain-name cisco.com default-router 198.51.100.2 !

4.Debugging on DHCP server: # debug ip dhcp server packet # show ip dhcp binding # clear ip dhcp binding * # show ip dhcp server statics on ASA relay-agent: # debug dhcprelay event # debug dhcprelay packet

  1. Output ASA DHCPD/RA: Relay msg received, fip=ANY, fport=0 on inside interface DHCP: Received a BOOTREQUEST from interface 4 (size = 364) DHCPD/RA: Binding successfully added to hash table DHCPRA: relay binding created for client 0050.7966.6801. DHCPRA: setting giaddr to 192.0.2.1. dhcpd_forward_request: request from 0050.7966.6801 forwarded to 198.51.100.2. DHCPD/RA: Relay msg received, fip=ANY, fport=0 on dmz interface DHCP: Received a BOOTREPLY from relay interface 3 (size = 301, xid = 0xd48a2408) at 01:41:39 UTC Sun Jul 15 2018 DHCPRA: relay binding found for client 0050.7966.6801. DHCPD/RA: creating ARP entry (192.0.2.3, 0050.7966.6801). DHCPRA: Adding rule to allow client to respond using offered address 192.0.2.3 DHCPRA: forwarding reply to client 0050.7966.6801. DHCPD/RA: Relay msg received, fip=ANY, fport=0 on inside interface DHCP: Received a BOOTREQUEST from interface 4 (size = 364) DHCPRA: relay binding found for client 0050.7966.6801. DHCPRA: Server requested by client 198.51.100.2 DHCPRA: setting giaddr to 192.0.2.1. DHCPRA: Server request counter 1 dhcpd_forward_request: request from 0050.7966.6801 forwarded to 198.51.100.2. DHCPD/RA: Relay msg received, fip=ANY, fport=0 on dmz interface DHCP: Received a BOOTREPLY from relay interface 3 (size = 301, xid = 0xd48a2408) at 01:41:40 UTC Sun Jul 15 2018 DHCPRA: relay binding found for client 0050.7966.6801. DHCPRA: exchange complete - relay binding deleted for client 0050.7966.6801. DHCPD/RA: Binding successfully deactivated DHCPRA: returned relay binding 192.0.2.1/0050.7966.6801 to address pool. dhcpd_destroy_binding() removing NP rule for client 192.0.2.1 DHCPD/RA: free ddns info and binding DHCPD/RA: creating ARP entry (192.0.2.3, 0050.7966.6801). DHCPRA: forwarding reply to client 0050.7966.6801.

DHCP SERVER debugging output: DHCPserver# *Jul 15 01:41:45.067: DHCPD: client's ××× is . *Jul 15 01:41:45.067: DHCPD: No option 125 *Jul 15 01:41:45.067: DHCPD: DHCPDISCOVER received from client 0100.5079.6668.01 through relay 192.0.2.1. *Jul 15 01:41:45.067: DHCPD: Sending DHCPOFFER to client 0100.5079.6668.01 (192.0.2.3). *Jul 15 01:41:45.067: DHCPD: no option 125 *Jul 15 01:41:45.067: DHCPD: unicasting BOOTREPLY for client 0050.7966.6801 to relay 192.0.2.1. *Jul 15 01:41:46.061: DHCPD: client's ××× is . *Jul 15 01:41:46.061: DHCPD: No option 125 *Jul 15 01:41:46.061: DHCPD: DHCPREQUEST received from client 0100.5079.6668.01. *Jul 15 01:41:46.061: DHCPD: Appending default domain from pool *Jul 15 01:41:46.061: DHCPD: Using hostname 'PC-21.cisco.com.' for dynamic update (from hostname option) *Jul 15 01:41:46.061: DHCPD: Sending DHCPACK to client 0100.5079.6668.01 (192.0.2.3).DHCPD: Setting only requested parameters

*Jul 15 01:41:46.061: DHCPD: no option 125 *Jul 15 01:41:46.061: DHCPD: unicasting BOOTREPLY for client 0050.7966.6801 to relay 192.0.2.1. DHCPserver#

Reference and Further reading: https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116265-configure-product-00.html