Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.107
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} User Manual Network Sangfor/IPSec VPN Use Cases Intranet Access (Exclusive Tunnel Interface) - Main Scenario
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","Intranet Access (Exclusive Tunnel Interface) - Main Scenario")}}

Intranet Access (Exclusive Tunnel Interface) - Main Scenario

{{ $t('productDocDetail.updateTime') }}: 2026-04-29

This use case describes how to implement intranet access between the HQ and branch devices through an IPsec VPN tunnel.

Steps

Step 1.Create a VPN tunnel interface on the branch device, and specify the interface name. In this example, the VPN tunnel interface name is vpntun1.

If the IPsec VPN tunnel uses an exclusive tunnel interface and no OSPF or BGP is used, you do not need to specify the IP address of the tunnel interface.

Step 2.Create an IPsec VPN tunnel on the branch device. Specifically, configure necessary parameters, click the Route Mode tab, and set Local Tunnel Interface to vpntun1, as shown in the following figure.

Step 3.Create a static route on the branch device. Specifically, set Dst IP/Netmask to the intranet address of the HQ device and Interface to vpntun1.

If the IPsec VPN tunnel uses an exclusive tunnel interface, you only need to specify the destination interface for the static route.

Step 4.Repeat Steps 1 to 3 on the HQ device.

Step 5.Verify the result. The result shows that the IPsec VPN tunnel is successfully established, and business access through the IPsec VPN tunnel is normal.