Topology with ACL ASA-5505

Kuladbr
Level 1

Hello, 

The DMZ web server can open the external web server (www.externalone.com), but the Admin PC cannot open the DMZ web server (www.theccnas.com), and the Net Admin PC cannot open the DMZ web server either. I think routing is working; maybe it is something with the ACL on CORP-ASA 5505.

26 Replies

Yes, I will keep searching and testing. If I find a way through it I will let you know immediately.

Update: don't say anything yet to your teacher. It seems there is one way. Let me check.

Hi @Kuladbr 

It is working now, with the ASA 5505 and VLANs.

You were on the right path, you just missed a few things. But test everything and let me know. 

Thank you very much @Flavio Miranda. I will try to test it and let you know. Can you explain what the problem was?

 

Of course. 

Basically, the configuration that supersedes the 3-VLAN problem is this one. You had it already, but I was not understanding it. I found out during my research that this is the fix.

object network inside-nat
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

But then you had some other issues, which I will list here.

==> You created the access list, and you did it right, but you need to apply the access list with:

!
access-group OUTSIDE-TO-DMZ in interface outside
access-group OUTSIDE-TO-DMZ out interface dmz
!

which means you are permitting traffic coming from outside and leaving through dmz.

==> You need to add routing on the firewall in order for the communication with inside to happen.

route inside 172.16.0.0 255.255.0.0 192.168.1.2 1

Otherwise, all traffic will be sent to outside, as you created a default route:

route outside 0.0.0.0 0.0.0.0 209.165.200.254 1

And this is it for the Firewall. 

On the router CORP, I also had to change a few things.

The routers do not know how to get to the dmz network, so I had to add a static route like this:

ip route 209.165.200.0 255.255.255.0 209.165.200.253

And this:

ip route 172.16.0.0 255.255.0.0 209.165.200.253

And then I used the command "redistribute static subnets" on the OSPF. This way I inform the whole network that I can reach the dmz and inside.

I think this is it. If you have any more doubts, just ask.

Hi @Flavio Miranda, thank you for the brief description! I continued working on this file based on the instructions from the PDF that I posted earlier. In step 6 it says to "Configure ACLs on the CORP Router to Implement the Security Policy"; after I configured that, I cannot establish a connection for:
– Net Admin PC in the Internal network that can access the URL http://www.externalone.com;
– Admin PC that can establish an SSH connection to the CORP router (209.165.200.226) with the username CORPSYS and password LetSysIn.
– External User cannot establish an SSH connection to the CORP router (209.165.200.226).

That is what it says for the CORP router. I attached the file again. I would be very grateful if you could check this.

Send the show run from the router please.

Below is the show run in a zip file, and in the previous reply the picture and .pkt file.

Did you see this?

https://habemegygol.wordpress.com/2012/12/21/ccna-security-pt-practice/ 

I think your IPS is not OK and can be blocking.

The ACL seems OK.

Your ACL needs to look like this:

ip access-list extended INCORP_CORP
 permit tcp any host 209.165.200.241 eq www
 permit tcp any host 209.165.200.242 eq domain
 permit udp any host 209.165.200.242 eq domain
 permit tcp 198.133.219.32 0.0.0.31 host 209.165.200.226 eq 22
 permit ip host 198.133.219.2 host 209.165.200.226
 permit ip 198.133.219.32 0.0.0.31 209.165.200.240 0.0.0.15
 exit
interface Serial0/0/0
 ip access-group INCORP_CORP in
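A quick way to check an access list like the one above against the step 6 policy before loading it on the CORP router: the small checker below is added here as an illustration and is not from this thread or from Cisco. It parses the ACEs (IPv4, destination `eq` ports only, first match wins, implicit deny at the end) and evaluates flows. The source hosts 198.133.219.40 (an Admin PC assumed to sit in the 198.133.219.32/27 range that the SSH rule permits) and 198.133.219.100 (an external user outside it) are constructed for the test.

```python
import ipaddress

# The INCORP_CORP access list from the thread, used as the checker's input.
ACL_TEXT = """
permit tcp any host 209.165.200.241 eq www
permit tcp any host 209.165.200.242 eq domain
permit udp any host 209.165.200.242 eq domain
permit tcp 198.133.219.32 0.0.0.31 host 209.165.200.226 eq 22
permit ip host 198.133.219.2 host 209.165.200.226
permit ip 198.133.219.32 0.0.0.31 209.165.200.240 0.0.0.15
"""

PORT_NAMES = {"www": 80, "domain": 53, "ssh": 22}  # port names this checker knows


def _parse_addr(tokens):
    """Consume one IOS address spec (any | host A | A WILDCARD); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # An IOS wildcard mask is an inverted subnet mask; invert it back (IPv4 only).
    netmask = ipaddress.ip_address(int(ipaddress.ip_address(tokens[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network((tokens[0], str(netmask)), strict=False), tokens[2:]


def parse_acl(text):
    """Parse extended ACEs into (action, proto, src_net, dst_net, dst_port_or_None)."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue  # blank lines, comments and the access-list header
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src, rest = _parse_addr(rest)
        dst, rest = _parse_addr(rest)
        port = None
        if rest[:1] == ["eq"]:  # only a destination 'eq <port>' is supported here
            port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules


def evaluate(rules, proto, src_ip, dst_ip, dst_port=None):
    """First matching ACE wins; no match falls through to IOS's implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto != "ip" and rproto != proto:
            continue
        if src not in rsrc or dst not in rdst:
            continue
        if rport is not None and rport != dst_port:
            continue
        return action
    return "deny"


RULES = parse_acl(ACL_TEXT)
```

Running `evaluate(RULES, "tcp", "198.133.219.100", "209.165.200.226", 22)` returns "deny" while the same flow from 198.133.219.40 returns "permit", which is the SSH behaviour the policy asks for; the checker only models the inbound ACL, so the IPS mentioned above is outside its scope.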

Thank you very much, now I see where I made the mistake.

Hi,

To help you, this is a comparison between the ASA 5506 and the 5505. As you can see, with the 5505 you can have a maximum of 3 VLANs, but one of them will be restricted.

   

[attached image: ASA 5505 vs ASA 5506 comparison]

 
