
Reason to go for ASA Transparent mode..?

abhisar patil
Level 1

Dear All,

This is regarding ASA modes. I have started reading about ASA transparent mode, but I am not getting why one should go for ASA transparent mode?

What are the benefits of transparent mode?

Please help..!!

Abhisar.

Accepted Solution

varrao
Level 10

Hi Abhisar,

Now let's assume a situation in which you already have a very large and complex setup and you are faced with a situation wherein you want to add a firewall in your network without making any routing changes:

Internet --------------> Router -----------------> Internal LAN

So by using the ASA in transparent mode you can achieve that:

Internet ----------------> Router ----------------ASA(transparent)---------Internal LAN

So that's the benefit of ASA in transparent mode.

Moreover, it saves you from making changes all across the network if you want to add a firewall, but it has limitations and disadvantages as well; it does not support:

  • NAT/PAT

    NAT is performed on the upstream router.

    Note: Starting with ASA/PIX 8.0(2), NAT/PAT is supported in the transparent firewall.

  • Dynamic routing protocols (such as RIP, EIGRP, OSPF)

    You can add static routes for traffic that originates on the security appliance. You can also allow dynamic routing protocols through the security appliance with an extended access list.

    Note: IS-IS is IP protocol 124 (IS-IS over IPv4). IS-IS transient packets can be allowed through the transparent mode by the form of an ACL that permits protocol 124. The transparent mode supports all 255 IP protocols.

  • IPv6

  • DHCP relay

    The transparent firewall can act as a DHCP server, but it does not support the DHCP relay commands. DHCP relay is not required because you can allow DHCP traffic to pass through with an extended access list.

  • Quality of Service (QOS)

  • Multicast

Here is a doc to understand it better:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008089f467.shtml

Hope this helps.

Please mark this thread as answered and do rate helpful posts.

Thanks,

Varun

Thanks,
Varun Rao
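An added example, not from this thread or from Cisco's documentation: a minimal ASA transparent-mode configuration that puts the firewall inline between the router and the LAN as the answer describes, and uses extended ACLs to pass the OSPF, EIGRP, IS-IS (protocol 124) and DHCP traffic the ASA itself cannot run or relay in this mode. ASA 8.4+ bridge-group syntax, the interface names, the ACL names and the 192.0.2.0/24 addressing are assumptions.

```cisco
! ASA 8.4+ transparent-mode syntax assumed; interface names and the
! 192.0.2.0/24 addressing are constructed for this example.
firewall transparent
!
! Both data interfaces join one bridge group; the BVI holds the address
! the ASA itself uses for management, it is not a gateway for hosts.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 bridge-group 1
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 bridge-group 1
!
interface BVI1
 ip address 192.0.2.10 255.255.255.0
!
! Static route only for traffic the ASA originates (syslog, AAA, NTP);
! user traffic is bridged at layer 2 and never consults this route.
route outside 0.0.0.0 0.0.0.0 192.0.2.1
!
! The ASA runs no routing protocol and no DHCP relay here, so extended
! ACLs let the router and the LAN exchange them through the firewall.
! From the router side: routing hellos/updates and DHCP server replies.
access-list OUTSIDE_IN extended permit ospf any any
access-list OUTSIDE_IN extended permit eigrp any any
! IS-IS over IPv4 is IP protocol 124, matched by number.
access-list OUTSIDE_IN extended permit 124 any any
access-list OUTSIDE_IN extended permit udp any eq bootps any eq bootpc
!
! From the LAN side: the same routing protocols, DHCP client requests,
! and the ordinary outbound traffic you actually want inspected.
access-list INSIDE_IN extended permit ospf any any
access-list INSIDE_IN extended permit eigrp any any
access-list INSIDE_IN extended permit 124 any any
access-list INSIDE_IN extended permit udp any eq bootpc any eq bootps
access-list INSIDE_IN extended permit tcp any any eq www
access-list INSIDE_IN extended permit tcp any any eq https
access-list INSIDE_IN extended permit udp any any eq domain
!
! Applying an ACL on each interface makes the pass-through explicit;
! anything not listed, in either direction, hits the implicit deny.
access-group OUTSIDE_IN in interface outside
access-group INSIDE_IN in interface inside
```

After applying it, `show firewall` should report transparent mode and `show bridge-group 1` should list both member interfaces; adjacencies between the router and LAN devices then form across the ASA without any change to their routing.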


2 Replies


So if you want to deploy a firewall in an existing network, then go for transparent mode, which will avoid doing major changes in the existing network.

Ok..now I got some idea..I will read more on that..

Thanks Varun for your reply..
