5-41
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter5 Managing Policies
Managing Policies in Device View and the Site-to-Site VPN Manager
(Device view only) Select Policy > Unshare Policy.
Right-click the selected shared policy, then select Unshare Policy.
Step 2 Click OK. The shared policy is converted into a local policy for the selected device or VPN topology.
The shared policy icon in the Policies selector is replaced by the local policy icon.
Assigning a Shared Policy to a Device or VPN Topology
You can replace any shareable policy (local or shared) assigned in Device view or the Site-to-Site VPN
Manager with an existing shared policy of the same type. For example, if you have a local NAT policy
assigned to a Cisco IOS router, you can assign a shared NAT policy in its place. Similarly, if a shared
NAT policy was assigned to the router, you can replace it with a different shared NAT policy.
Tip You can use bundle shared policies together to make assigning those policies easier. For more
information, see Managing Policy Bundles, page 5-53.
If you are assigning a shared policy to replace a local, rule-based policy (for example, an inspection rules
policy), any local rules that you configured are replaced by the rules defined in the shared policy. A
warning message gives you the opportunity to preserve the local rules by inheriting the rules of the
shared policy instead of assigning the shared policy in place of the local policy. For more information,
see Inheritance vs. Assignment, page 5-6.
Tip If you want to use the rules defined in the shared policy and still keep your local rules, we recommend
that you select the Inherit Rules option instead of assigning the policy. For more information, see
Inheriting or Uninheriting Rules, page 5-43.
Note You can also inherit IPS signature policies and signature event actions, but inheritance works differently
than for rules-based policies. For more information, see Understanding Signature Inheritance,
page 38-3.
Related Topics
Understanding the Device View, page 3-1
Using the Policy Banner, page 5-35
Unassigning a Policy, page5-33
Adding Local Rules to a Shared Policy, page5-42
Copying Policies Between Devices, page 5-31
Working with Shared Policies in Device View or the Site-to-Site VPN Manager, page 5-34
Step 1 In Device view or the Site-to-Site VPN Manager, select a policy from the Policies selector, then do one
of the following:
(Device view only) Select Policy > Assign Shared Policy.
Right-click the policy in the Policies selector, then select Assign Shared Policy.
Click the link in the Policy Assigned field in the policy banner.