multiple private nets on ASA?

Sure, thats the idea of seperate interfaces :-), you can also use the

5th Interface (management) for a seperate subet. You can also have different Subnets on the same physical interface, separated with VLAN.

Here is a combined example:

interface Ethernet0/0 nameif outside no shutdown security-level 0 ip address 222.111.222.111 255.255.255.0 ! interface Ethernet0/1 nameif dmz no shutdown security-level 20 ip address 192.168.1.1 255.255.255.0 ! interface Ethernet0/2 nameif internal1 no shutdown security-level 40 ip address 192.168.2.0 255.255.255.0 ! interface Ethernet0/2.100 vlan 100 nameif wlan security-level 30 ip address 192.168.21.1 255.255.255.0 ! interface Ethernet0/3 nameif internal3 no shutdown security-level 60 ip address 192.168.3.1 255.255.255.0 ! interface Management0/0 nameif inside no shutdown security-level 100 ip address 192.168.100.1 255.255.255.0 !

Don't forget the "no shutdown" and read your management switch documentations about VLAN, if you will use it.

cu

Isn't that called secondary addressing? I read through a cisco doc and it said that secondary addressing couldn't be done? That was one of the things that worried me about this.

Or maybe separated w/ VLAN is what makes the difference?

You can't have two Subnets on the same interface. But when you define VLANs on a physical interface, it looks like two separate interfaces. On a managed switch, you can separate the VLAN's in separate Blocks, every Port can be on this or on a other VLAN. You must play arround with it.

cu