User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Shared Policies in Policy View
Creating a New Shared Policy
Use Policy view to create a new shared policy. In most cases, the new policy starts out undefined, but in
certain cases (for example, many site-to-site VPN policies, such as IPsec proposals and GRE modes)
default values are supplied. In all cases, the new policy is not initially assigned to any devices. If the new
policy is a rule-based policy that supports inheritance, it can be created as a child of an existing shared
policy of the same type. For more information, see Understanding Rule Inheritance, page 5-4.
Tip: You can also create shared policies by converting local policies in Device view. For more information,
see Sharing a Local Policy, page 5-38.
Related Topics
Importing Policies or Devices, page 10-13
Managing Shared Policies in Policy View, page 5-47
Deleting a Shared Policy, page 5-53
Step 1 In Policy view, select a policy type in the Policy Type selector.
Step 2 Do one of the following:
• Right-click the policy type in the Policy Type selector, then select New [policy type] Policy.
• Right-click a policy in the Shared Policy selector, then select New [policy type] Policy.
• Click the Create a Policy button beneath the Shared Policy selector.
The Create a Policy dialog box is displayed.
Step 3 Enter a name for the new policy. Policy names can contain up to 255 characters, including spaces and
special characters.
When creating a Translation Rules policy for NAT rules on security devices (PIX/ASA/FWSM), you
must also choose a device software Version: PIX/ASA 6.3-8.2 or ASA 8.3 & Later.
Step 4 Click OK. The new policy appears in the Shared Policy selector.
To configure a definition for the new shared policy, click the Help button in the toolbar with the Details
tab open to see information specific to the type of policy you are creating. To assign the new shared
policy, see Modifying Policy Assignments in Policy View, page 5-51.
Modifying Policy Assignments in Policy View
Use the Assignments tab in Policy view to modify the list of devices or VPN topologies to which you
assigned a selected shared policy. The Assignments tab shows a list of all devices that are currently
assigned the selected shared policy. It also shows devices that are assigned the policy through
inheritance.
Assigning a policy to a device or VPN overwrites any policy of the same type (local or shared) that was
previously assigned to the device in Security Manager. When deployed, the newly assigned policy
overrides any policy of the same type that is already configured on the device, whether it was configured
using Security Manager or using another method, such as the CLI.