I must segment my network. The network would look like the one in the attachment. I have Cisco Catalyst 2960 switches, and all my users go to the internet over an ASA 5510. The number of users is 250. Can the ASA 5510 fulfill the needs? I have one more question. My VLAN70 contains servers. How can users from outside of the ASA 5510 access VLAN70 other than through NAT? VLAN70 contains DNS servers and a Domain Controller. Those users over NAT wouldn't see the Domain Controller for authentication. Because of that, I created VLAN90 so that I'd sidestep the ASA 5510, and over the VLAN infrastructure I will enable access to the server. Is this solution possible?
As regards VLAN90, the cable goes from the router to an ASA 5510 port which belongs to VLAN90 (is this possible?). I would use this construction so that users from the other networks can authenticate to Active Directory (VLAN70) and use the other services. I don't know how to use Active Directory over the ASA 5510's NAT. Can you help me?
If I am understanding you correctly:
The users from outside the ASA 5510 are not from public networks (internet). Those users are from the other networks of my company. The ISP has made tunnels from those networks over the ISP router to the outside of the ASA 5510. Will my construction with VLAN90 from the attached picture work? Does access from one VLAN to another also work over NAT?