This document answers a frequently asked question about the Cisco Adaptive Security Appliance (ASA).
Can a transparent mode ASA be configured without an IP address on the bridge group?
No, a transparent mode ASA must be configured with an IP address for each Layer 2 bridge group.
Besides using the IP for any traffic sourced from the ASA, the ASA must ARP or send out an ICMP message in order to determine out of which interface the destination MAC resides (if the MAC address is not in the ASA CAM table). Without a valid IP address assigned to the ASA that is in the same IP subnet as adjacent devices, traffic might fail to pass through the transparent ASA since the ARP and ICMP process cannot complete.