We had a situation where we would get two xlate entries on an FWSM for the same public IP, resulting in occasional looping of traffic. For example:
static nat entry for <private IP B on inside interface> to <public IP A on outside interface>
xlate entries would be created for inside:B to outside:A
However we would also see entries for outside:A to outside:A.
Sometimes this would cause traffic to loop back to the gateway of the FWSM and sometimes it would pass it through. When we would clear the xlate table, traffic would start passing again, sometimes for hours, sometimes for minutes, and then it would happen again. I understand that xlate is looked at before routes, so this makes sense. What I don't understand is, if there are two xlate entries, which does it choose to use to translate the traffic?
The fix seems to have been to remove the same-security-traffic permit intra-interface command. I understand what this command does as well; what I don't understand about this is what conditions would have created the outside to outside xlate.