OSPF over IPSec with Sophos UTM

Hi Community,

I need help creating active redundant Data-Channels for a customer system.

Here's my Setup (also see picture):

I have 2 UTM-Clusters on two sites "1" + "2",
Connected via transparent DWDM-Transfer-Interface,
OSPF active for redundancy and automatic internal Routing,
Remote Site "C" running two Cisco-Routers "C1" and "C2" (also in OSPF-Redundancy).
Had to use two E1-Lines for the Customer-Connect.
UTM-Cluster "A" has working IPSec-Tunnel to "C1".
UTM-Cluster "B" has working IPSec-Tunnel to "C2".
Trying to reach multiple Systems in Subnet "" on Site "C" redundantly with Help of OSPF.
OSPF, when active, still delivers the direct Routes via IPSec first, and then when one connection fails a redundant route from the second cluster to the remote Subnet.


I'm trying to get OSPF through (or over) IPSec-Tunnel running, to be able to get redundancy to target VLAN behind two remote Single Cisco-WAN-Routers.
While IPSec is active on the Routing-Interface OSPF will not detect any OSPF-Device on the other side.

- What is needed to do, to allow OSPF over the IPSec-Tunnel?
- Is OSPF and then IPSec on the same Interface possible?

- I already tried "Bind Tunnel to Interface" but had no luck
- I tried disabling IPSec and was able to "see" the OSPF-Neighbor (but received no routes or Subnet-Infos)
- I also tried policy routes and conditional routing

State (now):
- Not using OSPF right now
- Using static Routes
- Customer is not satisfied with routes based on conditions (wants OSPF)
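The symptom in the post (OSPF neighbours disappear as soon as IPSec is active on the routing interface) is what a policy-based IPsec tunnel produces: OSPF hellos are multicast to 224.0.0.5, and a policy whose traffic selectors are the two LAN subnets never matches that destination, so the hello is never sent through the tunnel. Once the routing protocol runs over a unicast encapsulation between the tunnel endpoints (GRE or another route-based tunnel) and the IPsec selectors cover that encapsulation, the hellos are protected like any other packet. The Python model below is an added illustration written for this thread, not code from the original post, from Sophos or from Cisco; all addresses, subnets and selector definitions are constructed, and the `Packet`/`IPsecPolicy` classes are a deliberately minimal stand-in for a real SPD lookup.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Iterable, Optional

OSPF = 89                                   # IP protocol number of OSPF
GRE = 47                                    # IP protocol number of GRE
ALL_SPF_ROUTERS = ip_address("224.0.0.5")   # multicast group OSPF hellos are sent to


@dataclass(frozen=True)
class Packet:
    """Only the header fields an IPsec policy lookup needs (constructed model)."""
    src: IPv4Address
    dst: IPv4Address
    proto: int
    inner: Optional["Packet"] = None        # payload packet when encapsulated


@dataclass(frozen=True)
class IPsecPolicy:
    """One SPD entry of a policy-based tunnel: local/remote selectors plus optional protocol."""
    local: IPv4Network
    remote: IPv4Network
    proto: Optional[int] = None             # None means any IP protocol

    def matches(self, pkt: Packet) -> bool:
        return (pkt.src in self.local and pkt.dst in self.remote
                and (self.proto is None or self.proto == pkt.proto))


def ospf_hello(router_ip: str) -> Packet:
    """OSPF hello as sent on a point-to-point or broadcast link: always multicast."""
    return Packet(ip_address(router_ip), ALL_SPF_ROUTERS, OSPF)


def gre_encapsulate(pkt: Packet, tunnel_src: str, tunnel_dst: str) -> Packet:
    """Wrap a packet in a unicast GRE packet between two tunnel endpoints."""
    return Packet(ip_address(tunnel_src), ip_address(tunnel_dst), GRE, inner=pkt)


def selected_for_tunnel(policies: Iterable[IPsecPolicy], pkt: Packet) -> Optional[IPsecPolicy]:
    """Return the SPD entry that would protect pkt, or None if it leaves the box in the clear."""
    for pol in policies:
        if pol.matches(pkt):
            return pol
    return None


def demo():
    """Compare a LAN-to-LAN policy tunnel with GRE-over-IPsec for the same OSPF hello."""
    # Constructed site-to-site policy: local LAN 10.1.0.0/16 <-> remote LAN 10.3.0.0/16
    lan_policy = [IPsecPolicy(ip_network("10.1.0.0/16"), ip_network("10.3.0.0/16"))]
    hello = ospf_hello("10.1.0.1")
    plain = selected_for_tunnel(lan_policy, hello)   # None: 224.0.0.5 is not inside 10.3.0.0/16

    # Ordinary unicast LAN traffic does match the same policy, which is why the tunnel "works"
    lan_traffic = Packet(ip_address("10.1.5.5"), ip_address("10.3.7.7"), 6)
    unicast = selected_for_tunnel(lan_policy, lan_traffic)

    # Route-based alternative: hello travels inside GRE between constructed endpoints
    # 192.0.2.1 and 198.51.100.1, and the IPsec selector covers exactly that GRE flow.
    gre_policy = [IPsecPolicy(ip_network("192.0.2.1/32"), ip_network("198.51.100.1/32"), GRE)]
    wrapped = gre_encapsulate(ospf_hello("10.255.0.1"), "192.0.2.1", "198.51.100.1")
    via_gre = selected_for_tunnel(gre_policy, wrapped)
    return plain, unicast, via_gre


if __name__ == "__main__":
    plain, unicast, via_gre = demo()
    print("hello through LAN policy :", plain is not None)     # False
    print("unicast through LAN policy:", unicast is not None)  # True
    print("hello through GRE policy :", via_gre is not None)   # True
```

The model is deliberately one-directional: a real adjacency also needs the peer's hellos to come back through the same selector, and the OSPF interface on each side has to be the tunnel interface (with matching area, hello/dead timers and MTU), not the physical interface that carries the IPsec traffic.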