Need a hand here trying to figure out an odd situation.

I have 2 ASAs directly connected to each other at Site A and Site B. I have site to site vpns terminating at Site A. Remote sites communicate with networks inside Site A (172.25.0.0/16). Every once in a while, I notice that my MAN connection between the 2 firewalls is saturated with 20Mb/s of traffic in each direction. It seems that Site A ASA is sending traffic from the site to site destined for 172.25.x.x towards Site B. Then site B turns around and sends the traffic back to Site A, Site A ASA then sends back to Site B. Routing ping pong? This repeats itself over and over again. Routing tables are correct in each device. Site A 5516-x should be sending traffic destined to 172.25.4.x to vlan4 interface, not GRN interface. I have no idea why this is happening.

(outside vpns, 172.16.x.x)

Site A 5516-x (GRN interface 172.27.10.17) <--------------------> Site B 5510 (177 interface 172.27.10.18)

(inside vlans, 172.25.0.0/16)

Site A sho conn

ICMP GRN 172.16.10.246:1 GRN  172.25.4.40:0, idle 0:00:00, bytes 41602656, flags X
this would also show the UDP connection shown below in Site B, but I deleted this connection (actually had to shun the ip and delete the conn as it kept reappearing)

Site A sho route
C        172.25.4.0 255.255.255.0 is directly connected, vlan4

Site B sho conn

ICMP 177 172.16.10.246:1 177 172.25.4.40:0, idle 0:00:00, bytes 9644640

UDP 177 172.16.9.5:161 177 172.25.4.20:60393, idle 0:00:00, bytes 2553741606, flags -

Site B sho route

R    172.25.4.0 255.255.255.0 [120/1] via 172.27.0.17, 0:00:21, 177