Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

asa 5550 dhcp relay

Good Day,

Please pardon this duplicate of yesterday's post, but I think this is a more coherent description of my problem.

I have a test environment set up with clients connected behind multiple security contexts on a Cisco ASA 5550 which is configured for DHCP relay. The DHCP server is located outside the firewall.

The client dhcp discover packets reach the dhcp server with a source address of the outside interface (the relay), but the data in the packet indicates that the relay address is the gateway (inside int) for the vlan/subnet upon which the client resides, not the outside interface address. Consequently, the dhcp offer packets are addressed to an unknown IP and dropped.

Dynamic nat is performed between int 53upperout and the inside interfaces (560,561 etc)

Here's the relay state:

53upper(config)# sh dhcprelay state

Context Configured as DHCP Relay

Interface 53upperout, Configured for DHCP RELAY

Interface 560, Configured for DHCP RELAY SERVER

Interface 561, Configured for DHCP RELAY SERVER

Interface 540, Configured for DHCP RELAY SERVER

Interface 541, Configured for DHCP RELAY SERVER

Interface 550, Configured for DHCP RELAY SERVER

Interface 551, Configured for DHCP RELAY SERVER

The relay worked within one context (avoiding nat) so I'm wondering if that is the source of the problem.

Any help appreciated


Hall of Fame Super Blue

Re: asa 5550 dhcp relay


It's not entirely clear what your setup is but from the ASA 8.x configuration guide -

"For multiple context mode, you cannot enable DHCP relay on an interface that is used by more than one context."

Full link -

Does this apply to your setup ?


CreatePlease to create content