SPLAT NGx R65 2.4 kernel Active/Active Multicast mode

[cciesec2006]

I have a pair of NGx R65 SPLAT 2.4 kernel running HFA_30 and in Active/Active
multicast mode, NO SecureXL. Everything is working fine. I know how
multicast mode works.

From FW-1, when I ping host "linux", when I run tcpdump on the linux host with
"tcpdump -i eth0 -nnn icmp", I see the "echo request" coming from the
clusterXL IP of the firewall, which is expected.

BUT what I am seeing next is kinda weird. The "linux" host replied with two
"echo reply" to the clusterXL IP as seen below:

[Expert@rkv-mdsmc-ng]# tcpdump -nnn -i eth0 icmp and net 64.17.1
tcpdump: listening on eth0
19:01:08.230011 64.17.1.225 > 129.174.1.13: icmp: echo request (DF)
19:01:08.230044 129.174.1.13 > 64.17.1.225: icmp: echo reply
19:01:08.230299 129.174.1.13 > 64.17.1.225: icmp: echo reply
19:01:09.230053 64.17.1.225 > 129.174.1.13: icmp: echo request (DF)
19:01:09.230073 129.174.1.13 > 64.17.1.225: icmp: echo reply
19:01:09.230217 129.174.1.13 > 64.17.1.225: icmp: echo reply
19:01:10.230133 64.17.1.225 > 129.174.1.13: icmp: echo request (DF)
19:01:10.230151 129.174.1.13 > 64.17.1.225: icmp: echo reply
19:01:10.230297 129.174.1.13 > 64.17.1.225: icmp: echo reply


As you can see the linux is sending back 2 echo reply to the firewall.
Is this normal in multicast mode? Thanks.