Crypto Transform Set Configuration Mode Commands The Crypto Transform Set Configuration Mode is used to configure properties for system transform sets. Transform Sets are used to define IPSec security associations (SAs). IPSec SAs specify the IPSec protocols to use to protect packets. Important: The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s). end Exits the current configuration mode and returns to the Exec mode. Product All Privilege Security Administrator, Administrator Syntax end Usage Return to the Exec mode. exit Exits the current configuration mode and returns to the context configuration mode. Product All Privilege Security Administrator, Administrator Syntax exit Usage Return to the context configuration mode. mode Configures the IPSec encapsulation mode. Product PDSN, HA, GGSN, PDIF, SCM Privilege Security Administrator, Administrator Syntax mode { transport | tunnel } transport Default: Disabled Specifies that the transform set only protects the upper layer protocol data portions of an IP datagram, leaving the IP header information unprotected. Important: This mode should only be used if the communications end-point is also the cryptographic end-point. tunnel Default: Enabled Specifies that the transform set protects the entire IP datagram as displayed in the following figure. This mode should be used if the communications end-point is different from the cryptographic end-point as in a VPN. Usage This command specifies the encapsulation mode for the transform set. Example The following command configures the transforms set’s encapsulation mode to transport: mode transport