Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
8.0.107

OSPF over VPN

Update time: 2026-04-29

This use case describes how to enable the HQ and branch devices to dynamically learn each other's intranet routes by using the OSPF over VPN technique.

Steps

Step 1. Create a VPN tunnel interface on the HQ device. Specifically, set the tunnel interface name to vpntun1, and specify the IP address of the tunnel interface. Make sure that the IP addresses of the VPN tunnel interfaces for the HQ and branch devices belong to the same network segment.

When OSPF or BGP is used, you need to specify the IP address of the tunnel interface.

Step 2. Create an IPsec VPN tunnel on the HQ device. Specifically, configure necessary parameters, click the Route Mode tab, and set Local Tunnel Interface to vpntun1, as shown in the following figure.

Step 3. Configure OSPFv2 on the HQ device. Specifically, configure basic and advanced OSPFv2 settings. In the advanced settings, add an area, and set the network segment to the network segment of vpntun1. Configure route redistribution settings, and select the route type.

In this example, Direct Routes is selected as the route type for route redistribution. In actual scenarios, select the route type based on business needs.

Step 4. Repeat Steps 1 to 3 on the branch device.

Step 5. Verify the result. The result shows that the IPsec VPN tunnel is successfully established.

The OSPF adjacency is successfully established, and route learning is correct.

Business access is normal.
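
The following is an added example, not part of the product or its documentation: a pre-deployment check of the addressing plan from Steps 1 and 3, confirming that both tunnel interfaces share one network segment and that each OSPF area network equals the vpntun1 segment. The function name `check_tunnel_plan` and all addresses are constructed for illustration.

```python
import ipaddress

def check_tunnel_plan(hq_if, branch_if, hq_ospf_net, branch_ospf_net):
    """Return a list of problems; an empty list means the plan is consistent.

    hq_if / branch_if: tunnel interface address with prefix, e.g. "10.255.0.1/30".
    hq_ospf_net / branch_ospf_net: network entered in the OSPF area on each device.
    """
    problems = []
    hq = ipaddress.ip_interface(hq_if)
    br = ipaddress.ip_interface(branch_if)

    # Step 1: both tunnel interfaces must belong to the same network segment.
    if hq.network != br.network:
        problems.append(f"tunnel segments differ: {hq.network} vs {br.network}")
    if hq.ip == br.ip:
        problems.append(f"both ends use the same address {hq.ip}")

    for name, itf in (("HQ", hq), ("branch", br)):
        net = itf.network
        # Network and broadcast addresses are not usable hosts (except /31, /32).
        if net.prefixlen < 31 and itf.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} tunnel address {itf.ip} is not a usable host in {net}")

    # Step 3: the OSPF area network must be the segment of vpntun1.
    for name, itf, ospf in (("HQ", hq, hq_ospf_net), ("branch", br, branch_ospf_net)):
        try:
            area_net = ipaddress.ip_network(ospf, strict=True)
        except ValueError as exc:
            problems.append(f"{name} OSPF network {ospf!r} is invalid: {exc}")
            continue
        if area_net != itf.network:
            problems.append(f"{name} OSPF network {area_net} is not the vpntun1 segment {itf.network}")
    return problems

if __name__ == "__main__":
    # Constructed sample plan: the branch end is addressed in the wrong /30.
    for issue in check_tunnel_plan("10.255.0.1/30", "10.255.0.5/30",
                                   "10.255.0.0/30", "10.255.0.4/30"):
        print("PROBLEM:", issue)
```

A mismatch reported here would otherwise show up in Step 5 as a tunnel that is established but an OSPF adjacency that never forms.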