I found an interesting vPath behavior in VSG with ASA 1000v deployement on ESXi cluster.
ASA 1000v have 2 interfaces only for data (Inside and Outside).
When you want to enable the vPath for the ASA, you should apply vservice node type asa on the port-profile of your virtual machines, when you do this step, you lose the VSG policy for those virtual machines.
I decided to create 3 port-profiles, 2 for virtual machines (to send some to VSG and some for ASA 1000v), and 1 port-profile for ASA inside interface, when I apply the vservice command under ASA inside port-profile, the ASA doesn't permit the traffic proprly with the defined policies (although the ASA is able to ping and receive icmp from the VMs).
I appreciate if someone can clarify this point or have some insight on this subject.
You need to use vpath service chaining if you want to use VSG/ASA together. Below link has information about the service chaining: