I've run into a problem and I can't tell if it's a "you can't really do that" type or the brain-fart type.
We are starting to test out the AAA cut-through-proxy feature to see if it can satisfy some access requirements we have. I have the authentication part working but it would require me to open up the BVI we use for management/syslog to everyone...and this is where my problem starts. I tried the 'virtual http <ip>' command and used an IP that is in the same range as the BVI we use for management but I was unable to see the IP anywhere. Checking on the FWSM there were no ARP entries and trying to ping it from inside or outside the FWSM failed. I looked through the docs I could find on the subject and the only thing I could find was that the address needed to be routable to the FWSM but the address I'm trying to use has all of our other servers on it so that requirement should be met. I've tried doing an identity NAT with the address with no luck too so I'm a little stuck :).
Vlan55 (outside) -> FWSM -> Vlan56 (inside)
Vlan55 has an SVI on the 6500 with an IP of 10.14.0.1
BVI1 (bridging 55 and 56) in the FWSM has an IP of 10.14.0.8
Addresses inside vlan56 are 10.14.0.0/16
This is also a redundant setup with another 6500/FWSM, but from what I read it didn't look like that mattered.
Any insight would be appreciated!!