Hope you can understand what i meant

let me know if need more info

eventually ill need to allow communication between the 10.10.10.0/24 network to the other network in the squared color.
but not allow communication between computers in the green square to the red square and vice versa

Thanks

Hello @gal.avichid 

You cannot have the same IP subnet attached to different L3 equipment without employing advanced techniques like VRF or NAT...so more complex routing configurations.

Each subnet should be unique within a given L3 domain. When same subnets are attached to different L3 equipment, it can lead to issues with routing and confusion about the next hop for specific IP addresses...

Can you give some more info about the principal with the NAT?

@gal.avichid 

When dealing with overlapping subnets across two environments connected to separate Cisco ASA devices, NAT is crucial for facilitating communication. Implement Dynamic PAT on the common network interface of the Cisco ASA facing both environments, mapping multiple private IP addresses to a single public IP address (e.g., 192.168.14.1) using different port numbers. This configuration ensures unique identification of source IP addresses. Verify that traffic from both environments can reach the common network using the translated public IP address. Additionally, implement firewall rules to control traffic flow and consider NAT exemption for specific communications.

MHM

One min 
can you check if ASA support VRF ?
if Yes you can use same subnet in separate VRF and hence achieve both your requirement 

Exactly @MHM Cisco World 

It is multi-context on the ASA no ?

I will check VRF in ASA 
it as you mention before solve by VRF or NAT one NAT 10.10.10.0/24 to other subnet and then using route in MyCiscoASA toward the Mapped IP not real IP and hence we get one route for 10.10.10.0/24 and other route for Mapped IP 
and for isolation he can use ACL to drop any traffic between these interface. 
BUT I prefer VRF is ASA support it 
thanks 
MHM

Agree with you @MHM Cisco World ! 

Hi

I can't find VRF, my ASA 5506 is without any special license, so I can't believe I have this option.

I have tried set the NAT, but I guess i forgot something:

ciscoasa(config)# object network obj-10.10.10.0
ciscoasa(config-network-object)# subnet 10.10.10.0 255.255.255.0
ciscoasa(config)# object network obj-mapped-ip-range
ciscoasa(config-network-object)# range 192.168.171.0 255.255.255.0
ciscoasa(config)# nat (cc-171,inside-171) source dynamic obj-10.10.10.0 obj-mapped-ip-range

ciscoasa(config)# route cc-171 192.168.171.0 255.255.255.0 192.168.16.2

ciscoasa(config)# object network obj-10.10.10.0

ciscoasa(config-network-object)# subnet 10.10.10.0 255.255.255.0

ciscoasa(config)# nat (cc-171,inside-171) source dynamic obj-mapped-ip-range <- we add NAT under real object not under mapped object 

!

ciscoasa(config)# object network obj-mapped-ip-range
ciscoasa(config-network-object)# range 192.168.171.0 255.255.255.0

!

ciscoasa(config)# route cc-171 192.168.171.0 255.255.255.0 192.168.16.2 <- I dont get why you add this route in ciscoasa it must be in MyciscoASA 

For VRF yes it true that ASA not support vrf only ftd.

MHM

what is the difference between mapped object and real object?

is the NAT rule need to be on the ciscoasa or MYCISCOASA?

Thanks

real IP object <<- that include real IP 
mapped IP object <<- that include mapped IP