A mode in which the IP payload is encrypted, and the original IP headers are left intact. It adds only a few bytes to each packet and allows devices on the public network to see the final source and destination of the packet. This capability allows one to enable special processing (for example, quality of service) in the intermediate network based on the information on the IP header. However, the Layer 4 header will be encrypted, limiting the examination of the packet. The opposite of transport mode is tunnel mode. Transport mode is typically used in a host-to-host connection.

An IPSec mode of operation where the data payload is encrypted, but the original IP header is left in the clear. The IP addresses of the source or destination are still open to modification if the message is intercepted. Because of its construction, transport mode can only be used when the communication endpoint and cryptographic endpoint are the same location. VPN gateways providing encryption and decryption services for protected hosts cannot use transport mode for protected VPN communications. Compare to Tunnel Mode

One of two mode choices that controls how much of the data packet is protected by confidentiality and message integrity. Transport Mode encrypts less of the data packet than Tunnel Mode.

IPSec mode of operation in which the data payload is encrypted, but the original IP header is left untouched. The IP addresses of the source or destination can be modified if the packet is intercepted. Because of its construction, transport mode can be used only when the communication endpoint and cryptographic endpoint are the same. VPN gateways that provide encryption and decryption services for protected hosts cannot use transport mode for protected VPN communications. See also tunnel mode.