5-40
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
Step 2 On the Select Policies to Share page, select all policies that you want to share. Initially, all shareable
policies configured on the device, whether local or shared, are selected. Deselect the check box next to
each policy that you do not want to share.
Following are some tips:
• Local policies that are not checked remain local to the selected device.
• If you select a policy that is already shared, Security Manager creates a copy of that policy using the name that you define in the wizard.
• Selecting the check box for a policy group selects all of the policies in that group.
• If a policy is configured on the device, but you cannot select it (the check box is solid grey), it is an unshareable policy.
Step 3 Enter a name for the shared policies. All policies are given the same name. You can later rename the
individual policies. For more information, see Renaming a Shared Policy, page 5-45.
If you select a policy that is already shared, Security Manager creates a copy of that policy using this
name.
Step 4 Click Finish. The selected policies become shared policies, which you can then assign to additional
devices as needed. For more information, see Modifying Shared Policy Assignments in Device View or
the Site-to-Site VPN Manager, page 5-46.
Unsharing a Policy
When you unshare a shared policy assigned to a particular device or VPN topology, you create a copy
that becomes a local policy for that device or topology. This means that any subsequent changes made
to the local policy affect only this particular device or topology. Other devices or topologies assigned the
original shared policy continue to use the shared policy as before.
Note: You cannot unshare a policy that is assigned to a device as part of a policy bundle. You must either
unassign the policy bundle from the device or remove the shared policy from the policy bundle that is
assigned to the device.
For example, Security Manager might be managing a BGP routing policy called MyBGP, which is
assigned to 20 routers. If you decide that one of the routers (Router1) requires a variation of this policy,
you can select the device, unshare the policy, and make the changes you need for that router. From that
point on, Router1 has a local BGP policy while the other 19 routers continue to use the original shared
policy, MyBGP.
Related Topics
• Understanding the Device View, page 3-1
• Sharing a Local Policy, page 5-38
• Managing Policies in Device View and the Site-to-Site VPN Manager, page 5-28
• Working with Shared Policies in Device View or the Site-to-Site VPN Manager, page 5-34
• Policy Status Icons, page 5-28
Step 1 In Device view or the Site-to-Site VPN Manager, select a policy from the Policies selector, then do one
of the following: