Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
5-52
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 5 Managing Policies
Managing Shared Policies in Policy View
When you unassign a shared policy from a device or VPN topology, Security Manager removes the
policy from the planned configuration of that device or VPN topology. When the configuration defined
by the policy is deployed, any configuration of the same type that is already configured on the device
(including the devices in the VPN topology) is removed. For more information, see Unassigning a Policy,
page 5-33.
Therefore, if your intention when performing unassign is to assign a different shared policy to a
particular device or VPN topology, it is important to select the replacement policy and perform the
assignment before performing deployment.
Tip Assigning a replacement policy is particularly important when you use a device access policy to
configure the enable password or enable secret password on a Cisco IOS router. If you unassign this
policy and fail to define a different password in its place before deployment, Security Manager might be
unable to configure this device in the future. For more information, see User Accounts and Device
Credentials on Cisco IOS Routers, page 60-13.
Alternatively, you can return to Device view and replace the shared policy assigned to the device with a
different shared policy. For more information, see Assigning a Shared Policy to a Device or VPN
Topology, page 5-41.
Note If you unassign a mandatory site-to-site VPN policy, such as an IKE proposal policy, Security Manager
automatically replaces it with a default policy. If you unassign a mandatory remote access VPN policy,
you must manually configure a new policy of that same type or deployment will fail.
Related Topics
Modifying Shared Policy Assignments in Device View or the Site-to-Site VPN Manager, page 5-46
Managing Shared Policies in Policy View, page 5-47
Step 1 In Policy view, select a policy type from the Policy Type selector, then select a policy from the Shared
Policy selector. For more information about using these selectors, see Policy View Selectors, page 5-49.
Step 2 Click the Assignments tab in the work area.
The Assignments tab shows a list of all devices that are currently assigned the selected shared policy. It
also shows devices that are assigned the policy through inheritance.
Step 3 Modify the list of devices or VPNs to which the policy is assigned, as follows:
To assign the selected policy to additional devices or VPNs, select one or more items from the
Available Devices/VPNs list, then click >> to move them to the Assigned Devices/VPNs list.
Tip To assign a policy to all the devices in a device group, select the name of the device group, then
click >>.
To unassign the selected policy from devices or VPNs, select one or more items from the Assigned
Devices/VPNs list, then click << to return them to the Available Devices/VPNs list.
Step 4 Click Save to save your assignment changes.