Crypto Transform Set Configuration Mode Commands

The Crypto Transform Set Configuration Mode is used to configure properties for system transform sets.

Transform Sets are used to define IPSec security associations (SAs). IPSec SAs specify the IPSec protocols to use to protect packets.

IMPORTANT:

The commands or keywords/variables that are available are dependent on platform type, product version, and installed license(s).

end

Exits the current configuration mode and returns to the Exec mode.

Product:

All

Privilege:

Security Administrator, Administrator

Syntax

end

Usage:

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product:

All

Privilege:

Security Administrator, Administrator

Syntax

exit

Usage:

Use this command to return to the parent configuration mode.

mode

Configures the IPSec encapsulation mode.

Platform:

ASR 5000

ASR 5500

Product:

PDSN, HA, GGSN, PDIF

Privilege:

Security Administrator, Administrator

Syntax

mode { transport | tunnel }

mode transport

Specifies that the transform set only protects the upper layer protocol data portions of an IP datagram, leaving the IP header information unprotected. Default: Disabled

IMPORTANT:

This mode should only be used if the communications end-point is also the cryptographic end-point.

mode tunnel

Specifies that the transform set protects the entire IP datagram.

This mode should be used if the communications end-point is different from the cryptographic end-point as in a VPN. Default: Enabled

Usage:

This command specifies the encapsulation mode for the transform set.

Example:

The following command configures the transforms set’s encapsulation mode to transport:

mode transport