Hi,
Here are a few options to consider;
1. Issue the command: ‘same-security-traffic infra-interface’ allowing you to trombone the outside interface. Ensure that any additional NAT’s are in place to facilitate this.
2. If the sites/services in the non-corporate network have an associated public DNS record, replicate this record in your internal DNS servers by pointing to the real (192.168.1.x) IP of the site/service. Ensure that you have the specific ACL permits in place between zones, and the relevant NAT’s in place (172.16.1.x <> 192.168.1 x).
3. Use the Cisco ASA rewrite option that will inject the internal/real IP of the site/service should a matching NAT be configured. This will ensure any DNS query originating from your corporate network to upstream DNS servers are provided the internal IP of the service. This is completed should an external DNS lookup be completed. Please read the following for further information on how to achieve this;
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115753-dns-doctoring-asa-config.html
Similarly to the other options, the required ACL’s and NAT’s would need to be in place to facilitate this.