Hello
We just installed an ASA 5516-X into production as an east/west routed firewall. It is Firepower Threat Defense 6.4.0.4-34 managed by onboard Firepower Device Manager.
The DHCP server is 192.168.5.21
The inside of the ASA is 192.168.5.1
The outside of the ASA is 192.168.20.2
The nexthop switch from the ASA is 192.168.20.1
The switch has a l3 interface for VLAN 8 which is 192.168.16.1 and is configured with "ip helper-address 192.168.5.21"
It looks like DHCP requests from VLAN 8 are not making it through the ASA.
"packet-tracer input outside udp 192.168.16.1 4321 192.168.5.21 67" shows the traffic allowed.
"capture cap1 interface outside type raw-data match udp host 192.168.16.1 host 192.168.5.21 eq 67" shows a lot of packets.
"capture cap2 interface outside type asp-drop all match udp host 192.168.16.1 host 192.168.5.21 eq 67" shows 0 packets.
"capture cap3 interface inside type raw-data match udp host 192.168.16.1 host 192.168.5.21 eq 67" shows 0 packets.
We rolled back the install and have a TAC case open. We are waiting to schedule a maintenance window when an engineer can help troubleshoot this, but I wanted to see if anyone else has run into this.
We also tried setting up a DHCP relay on the ASA using a FlexConfig template, and then pointed the helper on the switch to the ASA so it is a double relay. We didn't get a chance to actually test whether that was successful or not, though, and it's not ideal. The unicast traffic should be able to pass the ASA.
Thanks,
Leon
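For anyone comparing the captures above against what a relayed DHCP request should look like on the wire, here is an added Python example (not part of Leon's post and not Cisco code). It builds a DHCPDISCOVER the way an "ip helper-address" relay agent forwards it (giaddr set to the VLAN 8 SVI address 192.168.16.1, hops incremented, unicast UDP 67 to 67 toward 192.168.5.21), parses it back, and checks the fields a capture on the firewall's outside interface should show. The addresses are the ones from the post; the client MAC and transaction id are constructed sample values, and the helper names are my own.

```python
"""Added example: what a relayed DHCPDISCOVER looks like on the wire.

Builds the BOOTP/DHCP payload an "ip helper-address" relay agent forwards
(giaddr set, hops incremented, unicast UDP 67 -> 67 to the server), parses it
back, and checks the fields a capture on the firewall should show.
"""
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"          # RFC 2131 option-field magic cookie
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte fixed BOOTP header
BOOTREQUEST = 1
OPT_MSG_TYPE, OPT_END = 53, 255
DHCPDISCOVER = 1

# Addresses from the post; the MAC and xid are constructed sample values.
RELAY_SVI = "192.168.16.1"
DHCP_SERVER = "192.168.5.21"
SAMPLE_MAC = bytes.fromhex("001122334455")
SAMPLE_XID = 0x3903F326


def build_relayed_discover(client_mac: bytes, giaddr: str, xid: int = SAMPLE_XID) -> bytes:
    """Return the DHCPDISCOVER payload as the relay agent hands it to the server.

    The client broadcast it with giaddr 0.0.0.0 and hops 0; the relay fills in
    giaddr with the address of the interface it arrived on and bumps hops.
    """
    if len(client_mac) != 6:
        raise ValueError("expected a 6-byte Ethernet address")
    fixed = struct.pack(
        BOOTP_FMT,
        BOOTREQUEST, 1, 6,        # op, htype = Ethernet, hlen
        1,                        # hops: 0 from the client, incremented by the relay
        xid, 0, 0x8000,           # xid, secs, flags (broadcast bit: client has no IP yet)
        b"\0" * 4, b"\0" * 4, b"\0" * 4,       # ciaddr, yiaddr, siaddr
        ipaddress.IPv4Address(giaddr).packed,  # giaddr: relay interface address
        client_mac.ljust(16, b"\0"),           # chaddr
        b"\0" * 64, b"\0" * 128,               # sname, file
    )
    options = DHCP_MAGIC + bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER, OPT_END])
    return fixed + options


def parse_dhcp(payload: bytes) -> dict:
    """Decode the fixed header and TLV options of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, hops, xid, _secs, flags,
     _ciaddr, _yiaddr, _siaddr, giaddr, chaddr, _sname, _file) = struct.unpack(
        BOOTP_FMT, payload[:236])
    options = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == 0:                # pad octet, no length byte
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": op, "hops": hops, "xid": xid, "broadcast": bool(flags & 0x8000),
        "giaddr": str(ipaddress.IPv4Address(giaddr)),
        "chaddr": chaddr[:hlen].hex(":"),
        "msg_type": options.get(OPT_MSG_TYPE, b"\0")[0],
        "options": options,
    }


def check_relayed_request(payload: bytes, src_ip: str, sport: int, dport: int) -> list:
    """Return a list of problems for a packet that should be a relayed request.

    An empty list means the packet is what the capture filter in the post
    ("udp host <relay> host <server> eq 67") is looking for.
    """
    problems = []
    msg = parse_dhcp(payload)
    if msg["op"] != BOOTREQUEST:
        problems.append("op is not BOOTREQUEST")
    if msg["giaddr"] == "0.0.0.0" or msg["hops"] == 0:
        problems.append("giaddr/hops not set: packet was not relayed")
    if msg["giaddr"] != src_ip:
        problems.append(f"giaddr {msg['giaddr']} differs from IP source {src_ip}")
    if dport != 67:
        problems.append("relayed requests go to the server port, UDP 67")
    if sport != 67:
        # RFC 1542 relays source from 67 so the server's reply to giaddr:67 lands on the relay
        problems.append("relay agents source from UDP 67")
    return problems


if __name__ == "__main__":
    pkt = build_relayed_discover(SAMPLE_MAC, RELAY_SVI)
    print(parse_dhcp(pkt))
    print("problems:", check_relayed_request(pkt, RELAY_SVI, 67, 67))
```

Run it as-is to see the decoded fields; to compare against a real capture, feed the UDP payload bytes from the pcap into parse_dhcp and the IP/UDP header values into check_relayed_request. A relayed request that passes these checks on the outside capture but never appears on the inside capture, with nothing in asp-drop, is the symptom described in the post.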