I got a layer3 switch cat2960xr that connected behind the firewall for inside network. Is it possible if I can use part of the switch (few ports) for the dmz zone or I have to purchase separate switch for that? Please see attachment.
I noticed your SVI for vlan 2 is incorrect IP address: "192.168.1.0 255.255.255.0" so change it to something different IP address from what you have assinged to ASA's inside interface such as: "192.168.1.2 255.255.255.0". I hope you have something like this on your ASA's inside interface "192.168.1.1 255.255.255.0"
ip address 192.168.1.2 255.255.255.0
Don't forget to add a default route, pointing to your ASA's inside interface address, on the switch as shown below.
ip route 0.0.0.0 0.0.0.0 192.168.0.1
Last but not least, you don't forget to create dynamic nat for your hosts on your ASA located inside your network.