interface Vlan1
 nameif inside
 security-level 100
 ip address 172.168.100.1 255.255.255.252 
!
interface Vlan2
 nameif DMZ
 security-level 50
 ip address 172.168.200.1 255.255.255.0 
!
interface Vlan3
 nameif outside
 security-level 0
 ip address dhcp setroute 
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network DATA
 subnet 192.168.100.0 255.255.255.0
object network STORAGE
 subnet 192.168.200.0 255.255.255.0
object network WIRELESS
 subnet 192.168.90.0 255.255.255.0
object network VPN-HOSTS
 subnet 192.168.50.0 255.255.255.0
object network WEBSERVER-PUBLICIP
 host A.B.C.D
object network WEBSERVER-REALIP
 host 172.168.200.10
object network HYPERVSWITCH
 subnet 192.168.10.0 255.255.255.0

access-list OUTSIDE-IN remark [Access list for incoming pakets on OUTSIDE interface]
access-list OUTSIDE-IN extended permit icmp any any 
access-list OUTSIDE-IN extended permit tcp any 172.168.200.0 255.255.255.0 eq www 
access-list OUTSIDE-IN extended permit tcp any 172.168.200.0 255.255.255.0 eq https 

access-list DMZ-IN remark [Access list for incoming pakets on DMZ interface]
access-list DMZ-IN extended permit icmp any any 
access-list DMZ-IN extended permit udp 172.168.200.0 255.255.255.0 any object-group INTERNET-UDP 
access-list DMZ-IN extended permit tcp 172.168.200.0 255.255.255.0 any object-group INTERNET-TCP 

nat (inside,outside) source static DATA DATA destination static VPN-HOSTS VPN-HOSTS
nat (inside,outside) source static STORAGE STORAGE destination static VPN-HOSTS VPN-HOSTS
nat (inside,outside) source static WIRELESS WIRELESS destination static VPN-HOSTS VPN-HOSTS
nat (inside,outside) source static onprem-networks onprem-networks destination static azure-networks azure-networks
nat (inside,outside) source static HYPERVSWITCH HYPERVSWITCH destination static VPN-HOSTS VPN-HOSTS
nat (DMZ,outside) source static WEBSERVER-REALIP WEBSERVER-PUBLICIP
!
object network DATA
 nat (inside,outside) dynamic interface
object network STORAGE
 nat (inside,outside) dynamic interface
object network WIRELESS
 nat (inside,outside) dynamic interface
object network HYPERVSWITCH
 nat (inside,outside) dynamic interface
access-group INSIDE-IN in interface inside
access-group DMZ-IN in interface DMZ
access-group OUTSIDE-IN in interface outside
route inside 192.168.10.0 255.255.255.0 172.168.100.2 1 
route inside 192.168.80.0 255.255.255.0 172.168.100.2 1 
route inside 192.168.90.0 255.255.255.0 172.168.100.2 1 
route inside 192.168.100.0 255.255.255.0 172.168.100.2 1 
route inside 192.168.200.0 255.255.255.0 172.168.100.2 1