Cisco ASA Series Cli Configuration Manual page 139

Chapter 1 Configuring the Transparent or Routed Firewall
Information About the Firewall Mode
Figure 1-1 shows a typical transparent firewall network where the outside devices are on the same subnet
as the inside devices. The inside router and hosts appear to be directly connected to the outside router.
Figure 1-1 Transparent Firewall Network
Bridge Groups
If you do not want the overhead of security contexts, or want to maximize your use of security contexts,
you can group interfaces together in a bridge group, and then configure multiple bridge groups, one for
each network. Bridge group traffic is isolated from other bridge groups; traffic is not routed to another
bridge group within the ASA, and traffic must exit the ASA before it is routed by an external router back
to another bridge group in the ASA. Although the bridging functions are separate for each bridge group,
many other functions are shared between all bridge groups. For example, all bridge groups share a syslog
server or AAA server configuration. For complete security policy separation, use security contexts with
one bridge group in each context.
Cisco ASA Series CLI Configuration Guide
1-3