5-37
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
Modifying Shared Policy Definitions in Device View or the Site-to-Site VPN Manager, page 5-45
Modifying Shared Policy Assignments in Device View or the Site-to-Site VPN Manager, page 5-46
Inheritance vs. Assignment, page 5-6
Understanding Policy Locking, page 5-7
Importing Policies or Devices, page 10-13
Policy Shortcut Menu Commands in Device View and the Site-to-Site VPN Manager
When you right-click a policy in Device view or the Site-to-Site VPN manager, you get a list of
commands that you can use on the policy. The shortcut command list includes only those commands
available for the selected policy, so the list differs according to your selection.
The available commands depend on whether the policy:
Is unassigned.
Contains a local policy for that specific device or VPN topology.
Contains a shared policy that might be assigned to multiple devices or VPN topologies.
Can be shared. There are no shortcut commands for policies that cannot be shared between devices
or topologies.
The current status of each policy type is indicated by the icon displayed next to the policy name. See
Policy Status Icons, page 5-28.
The following table provides a comprehensive list of the possible commands.
Table5-6 Policy Shortcut Commands
Menu Command Description
Commands available in all cases
Assign Shared Policy Assigns an existing shared policy to the selected device or VPN
topology. If the policy is already assigned a shared policy, your
selection assigns a new shared policy, replacing the existing selection.
See Assigning a Shared Policy to a Device or VPN Topology,
page 5-41.
Additional local policy commands
Share Policy Shares the local policy so that it can be assigned to other devices or
VPN topologies. See Sharing a Local Policy, page5-38.
Unassign Policy Unassigns the policy from the device or VPN topology. When
deployed, the configuration that corresponds to the settings defined in
this policy is removed from the device or the devices in the topology.
See Unassigning a Policy, page5-33.
Additional shared policy commands
Unshare Policy Creates a local copy of the shared policy and assigns it to the device or
VPN topology in place of the shared policy. See Unsharing a Policy,
page 5-40.
Edit Policy Assignments Enables you to change which devices or VPN topologies are assigned
to this policy, not just the device or VPN topology you are currently
viewing. See Modifying Shared Policy Assignments in Device View or
the Site-to-Site VPN Manager, page 5-46.