This may clarify the issue:

Mohd Imtiaz Hussain · ‎06-29-2015

Client behing VRF gateway and firewall is not obtaining IP address.

below is the connectivity. IP helper address is configured on cisco6509 VRF vlan.

PC/Laptop ---->Cisco 6509---VRF(Vlan)--->Cisco 6513---->ASA firewall--->DHCP Server.

Gateway for PC/Laptop is 6509switch and DHCP server is connected on 6513.

Any connection to DHCP server has to pass through ASA firewall.

Maykol Rojas · ‎06-29-2015

This may clarify the issue:

You must be directly connected to the security appliance and cannot send requests through another relay agent or a router.

http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116265-configure-product-00.html

Mike.

Mike

rizwanr74 · ‎06-29-2015

Hello Imtiaz,

If you are trying to pass relay DHCP request witin 6509-switch from one-vrf to global routing space on the same 6509-switch is not doable.

Is your 6509's interface which connects to 6513 in the same vrf as PC/Laptop vlan?

It is not, it has to be.

thanks

Mohd Imtiaz Hussain · ‎06-29-2015

Hi Rizwan

it is in same vrf. and vrf routes are toward firewall IP.

rizwanr74 · ‎06-30-2015

Hello Imtiaz,

If you want to isolate certain segment of the network you can also use vlan-map, which is more flexible than vrf and private-vlans.

https://supportforums.cisco.com/discussion/11418361/isolated-vlan-implementation

This maybe helpfull to you.

thanks

DHCP issue