1) What's the vlan-group? Which vlans should I include on this group? Every single vlan that will be crossing the FW?

The vlan-group command is used to group VLANs together and then reference that group when assigning VLANs to the FWSM module.  The VLANs you have in this group is really up to you.  The number of VLANs that you assign to the FWSM is up to you, but this is a very broad question as it goes into network design and then this will depend on your requirements.  Because of this I am going keep my suggestion short.  Configre VRFs on the 6500 to seperate the different security levels.  Networks that should be able to communicate with eachother freely should be placed in the same VRF.  Networks that should have restricted access between eachother should be placed in different VRFs.  Try to keep the number of VRFs to a minimum for ease of managment.  The ASA should have a VLAN interface for each VRF.  Set a default route on the 6500 for each VRF to point to their respective ASA IP.  **This is just a suggestion and should be implemented at your own risk**

2) Do I have to configure vlan group and a SVI before being able to session into the Firewall? Can I run "session slot X processor 1" without configuring anything on the 6500 before?

Yes, you need to assign VLANs to the FWSM so that the switch is able to communicate with the firewall.

3) What could be the main reasons why I could get a timeout when trying to session into the FW?

See answer from question #2

--

Please remember to select a correct answer and rate helpful posts