Please pardon this duplicate of yesterday's post, but I think this is a more coherent description of my problem.
I have a test environment set up with clients connected behind multiple security contexts on a Cisco ASA 5550 which is configured for DHCP relay. The DHCP server is located outside the firewall.
The client DHCP discover packets reach the DHCP server with a source address of the outside interface (the relay), but the data in the packet indicates that the relay address is the gateway (inside int) for the VLAN/subnet upon which the client resides, not the outside interface address. Consequently, the DHCP offer packets are addressed to an unknown IP and dropped.
Dynamic NAT is performed between int 53upperout and the inside interfaces (560, 561, etc.).
Here's the relay state:
53upper(config)# sh dhcprelay state
Context Configured as DHCP Relay
Interface 53upperout, Configured for DHCP RELAY
Interface 560, Configured for DHCP RELAY SERVER
Interface 561, Configured for DHCP RELAY SERVER
Interface 540, Configured for DHCP RELAY SERVER
Interface 541, Configured for DHCP RELAY SERVER
Interface 550, Configured for DHCP RELAY SERVER
Interface 551, Configured for DHCP RELAY SERVER
The relay worked within one context (avoiding NAT), so I'm wondering if that is the source of the problem.
Any help appreciated.
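
Added example, not part of the original post: a small Python check that can be run against a captured DISCOVER at the DHCP server to confirm the symptom described above, by comparing the IP source address with the giaddr field the relay wrote into the BOOTP header. The packet builder, the function names and all addresses (198.51.100.5 as the NATed outside interface, 10.56.0.1 as the inside gateway) are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options

def build_sample(src_ip, giaddr):
    """Constructed relayed DHCPDISCOVER (IPv4 + UDP + BOOTP, checksums zeroed)."""
    bootp = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 1, 0x1234ABCD, 0, 0,           # op, htype, hlen, hops, xid, secs, flags
        bytes(4), bytes(4), bytes(4),            # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,    # giaddr written by the relay
        bytes.fromhex("020000000001") + bytes(10), bytes(64), bytes(128))
    dhcp = bootp + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER
    udp = struct.pack("!HHHH", 67, 67, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address("192.0.2.10").packed)
    return ip + udp

def analyse(packet):
    """Compare the IP source address with giaddr, as seen at the DHCP server."""
    if len(packet) < 20 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4
    src_ip = ipaddress.IPv4Address(packet[12:16])
    bootp = packet[ihl + 8:]
    if len(bootp) < 240 or bootp[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    giaddr = ipaddress.IPv4Address(bootp[24:28])
    msg_type, i = None, 240
    while i + 1 < len(bootp) and bootp[i] != 255:   # walk options until END
        if bootp[i] == 0:                            # PAD has no length byte
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        if code == 53 and length == 1 and i + 2 < len(bootp):
            msg_type = bootp[i + 2]
        i += 2 + length
    relayed = int(giaddr) != 0
    return {"src_ip": str(src_ip), "giaddr": str(giaddr), "msg_type": msg_type,
            # RFC 2131: a non-zero giaddr is where the server sends its reply
            "reply_to": str(giaddr) if relayed else None,
            "mismatch": relayed and giaddr != src_ip}

if __name__ == "__main__":
    # Constructed addresses: NATed outside interface vs. inside gateway
    print(analyse(build_sample("198.51.100.5", "10.56.0.1")))
```

A result with `mismatch` set to true means the server will address its OFFER to the giaddr value, so that address has to be routable from the server back to the relay for the reply to arrive.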