11-01-2015 08:38 PM
Has anyone used a Cisco 891-K9 to forward 443/SSL to an SSL VPN appliance?
(I've never encountered this situation before because either the public-facing router terminated the VPN directly or we had multiple public IPs and could assign the VPN appliance a public IP directly.)
With "ip nat inside source static tcp 44.55.66.255 443 10.10.10.150 443 extendable" it's supposed to forward the SSL request to the SSL VPN appliance at 10.10.10.150 so the VPN requests are terminated there.
But it failed miserably because the 891-K9 created a virtual ARP entry for 10.10.10.150. So two MACs with the same IP.
So 443 requests were being sent to its own interface. With the NAT statement in place I can't SSH into the SSL VPN appliance, but the moment the statement is gone I can SSH in and the duplicate ARP warning goes away.
*Nov 1 19:22:46.871: %IP-4-DUPADDR: Duplicate address 10.10.10.150 on Vlan10, sourced by aaaa.bbbb.cccc
*Nov 1 19:23:18.083: %IP-4-DUPADDR: Duplicate address 10.10.10.150 on Vlan10, sourced by aaaa.bbbb.cccc
*Nov 1 19:23:48.295: %IP-4-DUPADDR: Duplicate address 10.10.10.150 on Vlan10, sourced by aaaa.bbbb.cccc
rtr#sh clock
*19:24:26.487 UTC Sun Nov 1 2015
rtr#sh ip arp 10.10.10.150
Protocol  Address          Age (min)  Hardware Addr   Type  Interface
Internet  10.10.10.150            -   e02f.6d96.8dd0  ARPA  Vlan10
rtr#sh ip arp 10.10.10.150
Protocol  Address          Age (min)  Hardware Addr   Type  Interface
Internet  10.10.10.150            -   e02f.6d96.8dd0  ARPA  Vlan10
rtr#sh sh ip route 10.10.10.150
Cisco TAC is trying to reproduce this problem at the moment to report to dev.
Has anyone else had this problem or a workaround?
Thanks.
11-02-2015 01:56 PM
I may be misunderstanding, but isn't your NAT statement the wrong way round, i.e. if you want traffic to be forwarded to 10.10.10.150 shouldn't it be -
"ip nat inside source static tcp 10.10.10.150 443 44.55.66.25x 443"
Isn't the SSL device on the "ip nat inside" interface?
Jon
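As an added example (not the original poster's configuration and not Jon's), here is the complete inside/outside designation with the static PAT entry written the way Jon describes, using the addresses from the thread (44.55.66.255 public, 10.10.10.150 appliance). The interface names, the router's own Vlan10 address, the WAN mask, the ACL name and the HTTPS-server line are assumptions for illustration. The point of the ordering: IOS treats the first address as the inside local and the second as the inside global, and it installs an ARP alias (age "-", the router's own MAC) for the inside-global address. With the addresses swapped, that alias was 10.10.10.150 on Vlan10, which is exactly the duplicate-address log and the ARP entry shown in the first post.

```cisco
! Added example, not the original poster's or Jon's config.
! Addresses are the ones from the thread; interface names, the
! Vlan10 router address, the WAN mask, the ACL name and the
! "no ip http secure-server" line are assumptions.
!
! Mark which side is which: the appliance lives behind Vlan10.
interface GigabitEthernet0
 description WAN uplink (assumed interface name)
 ip address 44.55.66.255 255.255.254.0
 ip nat outside
 ip access-group WAN-IN in
!
interface Vlan10
 description LAN with the SSL VPN appliance (assumed interface name)
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
! Static PAT: inside-local first, inside-global second.
! Only TCP/443 is published; SSH (22) to the appliance stays LAN-only.
ip nat inside source static tcp 10.10.10.150 443 44.55.66.255 443 extendable
!
! If the public address is the WAN interface's own address (a
! single-IP uplink), the interface form does the same job:
! ip nat inside source static tcp 10.10.10.150 443 interface GigabitEthernet0 443
!
! Keep the router's own HTTPS management off the public port 443.
no ip http secure-server
!
! Admit only what is published. The inbound ACL on the outside
! interface is evaluated before outside-to-inside NAT, so it matches
! the public (pre-translation) destination. The "established" line
! is the stateless way to let LAN-initiated TCP sessions return;
! it does not cover UDP or ICMP, for which a zone-based firewall
! policy on the 891 is the better tool.
ip access-list extended WAN-IN
 permit tcp any host 44.55.66.255 eq 443
 permit tcp any any established
 deny   ip any any log
!
! Verification after applying:
!   show ip nat translations
!     -> tcp 44.55.66.255:443  10.10.10.150:443  ---  ---
!   show ip arp 10.10.10.150
!     -> the appliance's own MAC with a real age, no "-" alias entry
!   show logging | include DUPADDR
!     -> no new %IP-4-DUPADDR lines for 10.10.10.150
```

Once the alias for 10.10.10.150 is gone, SSH from the LAN to the appliance works again because the switch no longer sees two MACs claiming that address, and the only thing reachable from the Internet is TCP/443 on the appliance.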
11-02-2015 01:57 PM
Thank you for the reply.
Minutes before you posted, I realized the mistake.
Thanks again.