02-09-2020 03:51 AM
Gents,
I have an ASA 5506 firewall working in transparent mode. I am trying to add an ACL to ports 1 and 2 so that each port accepts only one specific IP address.
This ASA has a BVI interface that is assigned to port 1 and port 2 on the firewall.
ASA Gigabit port 1 must accept only the device with IP 10.1.1.1, and ASA Gigabit port 2 must accept only the device with IP 10.1.1.2.
Both ports are on the same security level, and traffic between interfaces of the same security level is enabled. The ASA is not connected to the internet.
I tried to write an ACL as follows:
Create an object:
object network FBM
 host 10.1.1.1
!
Create the ACL:
access-list BLK extended permit ip object FBM any
!
Apply it with an access-group:
access-group BLK in interface prod
!
Interface:
interface GigabitEthernet1/1
 bridge-group 99
 nameif prod
 security-level 100
!
But when I connect host 10.1.1.4 to interface 1, it still lets me ping 10.1.1.3 (the BVI interface). What I want to achieve is that nothing should be let in on port 1 unless its IP address is 10.1.1.1.
Can you help, please?
02-09-2020 01:28 PM
You need to deny the ICMP packets using the icmp deny command.
If you want to deny all packets on a specific interface, use the following command:
icmp deny 0.0.0.0 0.0.0.0 echo prod
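An added example, not part of the original thread or of any Cisco documentation: the interface ACL bound with access-group only filters traffic passing through the ASA, while ICMP addressed to the ASA's own interface address (here the BVI at 10.1.1.3) is controlled by the icmp command, which is why the ACL above did not stop 10.1.1.4 from pinging the BVI. The fragment below combines both controls for the two-port setup in the question. The icmp rules are evaluated first-match in order, and once any icmp rule exists for an interface, ICMP to that interface that matches no rule is dropped, so the explicit deny lines are there for readability rather than necessity. The interface name prod2 for GigabitEthernet1/2, the object name FBM2, the ACL name BLK2 and the /24 mask on the BVI are assumptions; the post only names prod, BLK, FBM and the addresses.

```text
! --- Bridge group and BVI (transparent mode) ---
! The 255.255.255.0 mask is assumed; the post gives only the address.
interface BVI99
 ip address 10.1.1.3 255.255.255.0
!
interface GigabitEthernet1/1
 bridge-group 99
 nameif prod
 security-level 100
!
interface GigabitEthernet1/2
 bridge-group 99
 nameif prod2
 security-level 100
!
same-security-traffic permit inter-interface
!
! --- Through-the-box policy ---
! Each inbound ACL permits only the one allowed host; everything else
! entering that port is dropped by the ACL's implicit deny at the end.
object network FBM
 host 10.1.1.1
object network FBM2
 host 10.1.1.2
!
access-list BLK extended permit ip object FBM any
access-list BLK2 extended permit ip object FBM2 any
!
access-group BLK in interface prod
access-group BLK2 in interface prod2
!
! --- To-the-box ICMP policy ---
! These rules govern ICMP terminating on the ASA itself (pings to the BVI).
! Only the allowed host on each port may send echo requests to the ASA.
! Limiting the rules to the echo type leaves echo-reply untouched, so the
! ASA's own outbound pings from these interfaces still get their answers.
icmp permit host 10.1.1.1 echo prod
icmp deny any echo prod
icmp permit host 10.1.1.2 echo prod2
icmp deny any echo prod2
```

With this in place, a host such as 10.1.1.4 on port 1 gets no reply when pinging 10.1.1.3, and its traffic toward port 2 is dropped by BLK; the ASA logs the denied ICMP, so `show logging` is the quickest place to confirm the rule is the one doing the dropping.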