i must segmenting my network. the network would look like in attachment. i have switches cisco catalyst 2960 and all my users go to internet over asa 5510. number of users is 250. the asa 5510 can fullfill the needs? i have one more question. my VLAN70 contains servers.how users from outside of the asa 5510 to access to VLAN70 not like NAT? in VLAN70 contains DNS servers, Domain Controller. those users over NAT wouldn’t see Domain controller for authentication. because i’m created VLAN90 that i’d sidestepped the ASA5510 and over VLAN’s infratructure i will enable access to server. is this solution possible?