I've setup a required lab in my office consisting of the following hardware in order from laptop-a to laptop-b
Catalyst 6509 MSFC2 172.30.224.1/20 (hsrp standby 224.2 Router15, 224.3 Router16)
2691 IPSec/CBAC firewall fa0/0 172.30.224.120/20
2691 IPSec/CBAC firewall fa0/1 172.31.48.100/24)
Cisco 3640 E0/0 172.31.48.1/24
Cisco 3640 E0/1 172.30.7.10/24
Cisco 3640 E0/0 172.30.7.1/24
Cisco 3640 E0/1 172.30.208.1/20
Issue: On Laptop-a, I'm port mirroring the connection stream between the 2691 fa0/0 interface and the Catalyst switch.
If from laptop-a I ping the MSFC2 router at IP 172.30.224.1, I receive one echo from laptop-a and one echo-reply from the MSFC2.
If form latop-a I ping the 2691 fa0/0 interface at IP 172.30.224.120, sniffer reports 1 echo form laptop-a but duplicate echo-reply packets from the fa0/0 interface on the 2691.
If from laptop-a I ping fa0/1 which is IP 172.31.48.100, sniffer reports two echo's from laptop-a and two echo-reply from the 2691 interface fa0/1.
I'm running NAT on my inside and outside interfaces.
Anyone have an explanation for this?