I must segment my network. The network would look like the one in the attachment. I have Cisco Catalyst 2960 switches, and all my users go to the internet over an ASA 5510. The number of users is 250. Can the ASA 5510 fulfill the needs? I have one more question. My VLAN70 contains servers. How can users from outside of the ASA 5510 access VLAN70 without NAT? VLAN70 contains DNS servers and a Domain Controller. Those users over NAT wouldn't see the Domain Controller for authentication. Because of that, I created VLAN90 so that I would sidestep the ASA 5510, and over the VLAN infrastructure I will enable access to the server. Is this solution possible?
Security best practice is to never run traffic from the inside of your network to the outside without passing it through a firewall. An ASA 5510 is quite old and may have some issues supporting your traffic throughput needs if you are running all VLAN-to-VLAN communication through it. Each VLAN needs a gateway, so do these gateway IPs reside on the ASA?