<div>
Can you show me the output of your interfaces and your routing tables? 
 
Are you Natting in that as well? 
 
You have 6 networks shown above and it is really not clear to me what you are doing. 
 
-Rowan 

</div>

<div>
Let me redo it. 
&nbsp; 
Server 10.5.0.18/28 ---Edge VPN-1 Int 10.5.0.17/28 --Edge VPN-1 Ext -----(internet)-----UTM450 Ext-----UTM450 Int 172.17.192.1/30----172.17.192.2/30----172.17.1.0/24-----172.17.0.0/30-----192.168.150.0/30------172.16.0.0/30------172.16.1.0/24 (My computer) 
&nbsp; 
I am doing NAT on the Edge VPN-1 Internal interface so that if the source IP is My computer at 172.16.1.212/24, then it is translated to the Edge VPN-1 Int IP of 10.5.0.17. 
&nbsp; 
Here is the routing table of the UTM450. I x'ed out th elast 2 octets of the external interface. 
Does this help clarify? 
What else can I provide? 
&nbsp; 
&nbsp; 
Kernel IP routing table 
Destination &nbsp; &nbsp; Gateway &nbsp; &nbsp; &nbsp; &nbsp; Genmask &nbsp; &nbsp; &nbsp; &nbsp; Flags Metric Ref &nbsp; &nbsp;Use Iface 
224.0.0.2 &nbsp; &nbsp; &nbsp; 0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 255.255.255.255 UHD &nbsp; 0 &nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp;0 lo 
127.0.0.1 &nbsp; &nbsp; &nbsp; 0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 255.255.255.255 UH &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp;0 lo 
172.17.192.0 &nbsp; &nbsp;0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 255.255.255.252 U &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp;0 Internal 
192.240.0.0 &nbsp; &nbsp; 0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 255.255.255.0 &nbsp; U &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp;0 External 
172.16.1.0 &nbsp; &nbsp; &nbsp;172.17.192.2 &nbsp; &nbsp;255.255.255.0 &nbsp; UG &nbsp; &nbsp;200 &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp;0 Internal 
172.17.1.0 &nbsp; &nbsp; &nbsp;172.17.192.2 &nbsp; &nbsp;255.255.255.0 &nbsp; UG &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp;0 Internal 
127.0.0.0 &nbsp; &nbsp; &nbsp; - &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 255.0.0.0 &nbsp; &nbsp; &nbsp; !D &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp;- &nbsp; &nbsp; &nbsp; &nbsp;0 - 
0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 192.240.xxx.xxx &nbsp; 0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; UG &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp;0 External 
Choose a routing configuration item ('e' to exit): 
------------------------------------------------------------------ 
1) Add new network route &nbsp; &nbsp; &nbsp; 4) Delete route 
2) Add new host route &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;5) Show routing configuration 
3) Add default gateway 
------------------------------------------------------------------ 
(Note: configuration changes are automatically saved) 
Your choice: 
&nbsp; 
&nbsp; 
&nbsp; 
&nbsp; 

</div>

<div>
Where is the packet from and too? &nbsp;Source and Destination please. 
 
Also it is still not clear how you everything hooked together, I think I have it, but I am reading bewteen the lines. 
 
-Rowan 

</div>

<div>
Sorry about that. I am not good at writing explanations. 
My source IP is 172.16.1.212. 
My final destination is 10.5.0.18. 
I have 2 offices, and 1 remote site. 
Office A (Texas) and Backup Office B (California), and hey are linked to each other via a small backbone T1 circuit. 
My Office A has the 172.16.1.0/24 subnet. 
Backup Office B in CA. has the 172.17.1.0/24 subnet. 
Remote customer site C has the 10.5.0.16/28 subnet. 
Now Backup Office B is where there is a UTM450. 
Remote customer site C has a CheckPoint VPN-1 Edge. 
A VPN tunnel is created between Backup Office B and Remote customer site C. 
I want to ping a computer IP 10.5.0.18 located at Remote customer site C. 
I need to send a ping packet from my Office A, across the backbone towards Backup office B, where it is routed to the internal interface of the UTM450, and it needs to continue through the VPN tunnel towards Remote customer site C, where it will then ping the 10.5.0.18 computer. 
I do have a NAT rule to translate any packet with a source IP of 172.16.1.0/24 to the IP of the internal interface of the VPN-1 Edge device at teh customer site, which is 10.5.0.17. 
Now I know the tunnel is built. If I send a packet from the Backup office B site (172.17.1.0/24 subnet), it will succeed just fine. 
It just won't let me send a packet across it from the 172.16.1.0/24 subnet. 
&nbsp; 
&nbsp; 

</div>

<div>
When you turn off anti-spoofing look in your logs to determine what is stopping the traffic. 

</div>

<div>
Yes, that is dead right. &nbsp;We would of got their eventually, just would of taken longer via this forum. &nbsp;Thanks for reporting back. 

</div>

<div>
Thank you. 
I'm sure I will have more in the future. 
&nbsp; 

</div>

<div>
<div class="content wysiwyg-content">
Packets get dropped on the Internal interface, and it the Tracker says it is because of Anti-Spoofing. 
CheckPoint Internal = 172.17.192.1/30 --&gt; 172.17.192.2/30--&gt;172.17.1.0/24--&gt;172.17.0.0/30--&gt; 192.168.150.0/30--&gt;172.16.0.0/30--&gt;172.16.1.0/24 (My computer) 
 
I am trying to ping out the CheckPoint from my computer. 
 
I have defined the internal interface topology to be Specific to group 172.17.1.0/24 and 172.17.192.0/30. 
 
Then, under the Anti-Spoofing of the Internal interface, I told it to ignore packets from 172.16.1.0/24. 
 
It still said it was dropped due to anti-spoofing. 
 
Even after I disabled anti-spoofing altogether on both the internal and external interfaces, it still would not work.
</div>
</div>

Packets get dropped on the Internal interface, and it the Tracker says it is because of Anti-Spoofing.
CheckPoint Internal = 172.17.192.1/30 --> 172.17.192.2/30-->172.17.1.0/24-->172.17.0.0/30--> 192.168.150.0/30-->172.16.0.0/30-->172.16.1.0/24 (My computer)

I am trying to ping out the CheckPoint from my computer.

I have defined the internal interface topology to be Specific to group 172.17.1.0/24 and 172.17.192.0/30.

Then, under the Anti-Spoofing of the Internal interface, I told it to ignore packets from 172.16.1.0/24.

It still said it was dropped due to anti-spoofing.

Even after I disabled anti-spoofing altogether on both the internal and external interfaces, it still would not work.

CheckPoint UTM450 Firewall ANti-spoofing problem

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.

Software Firewalls

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.