5-28
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
Question: Why are parts of the AAA method list definitions configured on my router not discovered?
Answer: Security Manager does not support certain keywords, such as if-needed. Method lists
containing these keywords are discovered without the keyword. If the default AAA definitions on the
device contain unsupported keywords, the entire command is not discovered.
Question: Can I discover AAA servers on devices running IOS software that were configured using the
server-private command?
Answer: Yes, you can discover these servers. However, Security Manager converts them into standard
AAA servers that can be used globally or in multiple AAA server groups. The server-private command
is not supported.
Question: What do I need to know about discovery and device hostnames?
Answer: When you discover a device, the hostname policy is populated with the hostname discovered
on the device. However, the hostname listed in Device Properties is not updated with this value. Ensure
that the hostname defined in the device properties is the correct DNS name for the device. For more
information, see Understanding Device Properties, page 3-6.
Managing Policies in Device View and the Site-to-Site VPN Manager
You can use Device view or the Site-to-Site VPN Manager to manage both local policies and shared
policies, as described in the following sections:
Policy Status Icons, page 5-28
Performing Basic Policy Management, page 5-29
Working with Shared Policies in Device View or the Site-to-Site VPN Manager, page 5-34
To access Device view, select View > D evice Vie w or click the Device View button on the toolbar. To
access the Site-to-Site VPN Manager, select Manage > Site-to-Site VPNs or click the Site-to-Site VPN
Manager button on the toolbar.
Related Topics
Understanding the Device View, page 3-1
Managing Shared Policies in Policy View, page 5-47
Understanding Policies, page 5-1

Policy Status Icons

You can learn the status of any policy in Security Manager at a glance by viewing the icon displayed next
to the policy name.
Table5-5 Policy Status Icons
Icon Status
The policy is not configured. Upon deployment, any policy of this type already present
on the device is effectively removed.