In the concerned design, the client/server vlans are on the inside of the FWSM. So for e.g. FWSM inside is VLAN100 which receives client hits which also has the servers connected.
I believe a different vlan needs to be created for the client and servers such as VLAN100 for client and VLAN101 for servers and then these should be bridged.
Now, VLAN100 is shared between FWSM inside and ACE Client. So, how will the vlan-group be defined on the MSFC in this scenario.
I posted an answer on the same issue a while ago.
Following is the link