No translation Group found

Hello, I am implementing a VPN site-to site between our Pix515 (running 6.3) and device eFinity from a third party (under Linux). I followed the VPN Wizard in PDM, but when they try to ping on one of our servers, they get error ' no group translation found for icmp src, dst outside: 62.69.58.233 inside: 128.31.2.1.

Their LAN 194.201.29.0/24 and firewall address is 62.69.58.233. Our local network is 128.31.0.0/16, firewall address is 194.70.27.46.

Any help is greatly appreciated.

Rex

According to your log message, the source is 62.69.58.233, not 194.201.29.x, which means that it is to be translated. You wouldn't have to add 62.69.58.233 to your list if they do not have a nat to their lan to your interior.

Tags: Cisco Security

Similar Questions

  • No group of translation not found error on the site to site VPN.

    Hello

    I was wondering if someone could help me. I basically VPN site to site (between an ASA 5505 and a Pix 501).

    The tunnel is in place and seems to work, but they cannot access all the resources on our side.

    I get the following error:

    Syslog ID: 305005

    Source IP: 172.x.x.x (internal IP)

    Error:

    No translation group not found for icmp src 10.20.x.x (where IP) dst inside 172.x.x.x (type 8, code 0)

    Any ideas on how to solve this problem?

    Thank you.

    M.

    Your nat exemption should be...

    access extensive list ip 172.16.0.0 inside_nat0_outbound allow 255.255.0.0 10.2

    0.0.0 255.255.0.0

    NAT (inside) 0-list of access inside_nat0_outbound

    Also get rid you of...

    no nat (outside) 0-list of access outside_nat0_outbound

    no access list extended ip 172.16.0.0 outside_nat0_outbound allow 255.255.0.0 10.2

    0.0.0 255.255.0.0

  • Urgent: ActivePrincipalNotFoundException: no active group found GroupPrincipalId: 7D6E682A - 54 c

    Hello
    I'm administer and maintainng an application based on LiveCycle'RE 8.0.  I recently received the exception described in the title of the post.
    List of users of the application is synchronized with ldap for my client and consists of a workflow to digitally sign pdf files. Once the first user has signed the file an email is sent to the next user.
    The component sending email is a custom component developed by my company, as the last step it uses the e-mail address of the user to the following address to query the database of adobe and translate it into a unique identifier (select id from EDCPRINCIPALENTITY where email =?) and return the result in 'UserUID', defined as the component output variable. The component output variable is mapped to a process variable (UserID) and a route brings the process to a UserService (trust).
    Now, for a user specific id gets resolved and return to the UserService, but of the UserService wedge with the below exception (if you need full battery I can provide):
    2011-01-31 17:17:34, 017 INFO [STDOUT] 31 January 2011 17:17:34 com.adobe.idp.taskmanager.dsc.userservice.UserServiceImpl createTaskFromDialogProperties
    WARNING: UserServiceImpl:createTaskFromDialogProperties() that no active principle was found trying to create the task, this point will be block or showing a tire defect.   Exception message is: no active group found GroupPrincipalId: 7D6E682A-54C0-FD98-8BBF-A80ED367A8BC
    com.adobe.idp.taskmanager.dsc.client.task.ActivePrincipalNotFoundException: no active group found GroupPrincipalId: 7D6E682A-54C0-FD98-8BBF-A80ED367A8BC
    ...
    2011-01-31 17:17:34, 019 INFO [STDOUT] 31 January 2011 17:17:34 com.adobe.idp.taskmanager.dsc.userservice.UserServiceImpl createTaskFromDialogProperties
    WARNING: UserServiceImpl:createTaskFromDialogProperties() an exception has occurred trying to create a task, and the exception is not related to the assignment to an invalid user.   Exception message is: no active group found GroupPrincipalId: 7D6E682A-54C0-FD98-8BBF-A80ED367A8BC
    com.adobe.idp.taskmanager.dsc.client.task.ActivePrincipalNotFoundException: no active group found GroupPrincipalId: 7D6E682A-54C0-FD98-8BBF-A80ED367A8BC
    at com.adobe.idp.taskmanager.dsc.service.TaskManagerServiceImpl.getQueueForPathExpression (your skManagerServiceImpl.java:5807)
    This seems to happen only for this user and this kind of document. I checked that the configuration of users and groups and everithing seems fine. There is no inactive services and as we have already said, at the moment, this seems to happen all for this user.
    Also I tried to retray the task to a standstill and happened (as if the user had signed the document) but then I have anther error:
    2011-02-01 11:08:36, 971 ERROR [com.adobe.workflow.AWS] action-instance of stall: 112318 with message: ALC-DSC-002-000: com.adobe.idp.dsc.RequiredParameterException: parameter: document is required.
    What exactly does the first exception? What can I check to fix this?
    I need emergency aid, for at least this user is stuck.
    Thanks in advance

    Interesting idea.  If that's the case then you should be able to add a control to your SQL query to make sure that you use the current record.

    and status = 'CURRENT' can suffice.

  • site to site VPN found no translation Group

    Hello

    I have two asa 5505 who fail to communicate with each other.

    When I try to connect (http) with a host on the other network, the asa says this side:

    No group of translation found for tcp src outside:192.168.100.20/44710 dst inside:192.168.1.4/80

    I assume that the error is with the second asa but I don't know.

    192.168.100.12-> 192.168.100.1-> 213.136.41.180-> internet-> 79.136.112.50-> 192.168.1.5

    The first asa

    l2l_list to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.100.0 255.255.255.0

    inside_nat0_outbound to access extended list ip 192.168.100.0 allow 255.255.255.0 192.168.1.0 255.255.255.0

    Global 1 interface (outside)

    NAT (inside) 0-list of access inside_nat0_outbound

    NAT (inside) 1 0.0.0.0 0.0.0.0

    NAT (dmz) 1 0.0.0.0 0.0.0.0

    Route outside 0.0.0.0 0.0.0.0 79.136.112.49 1

    Route outside 192.168.100.0 255.255.255.0 213.136.41.180 1

    Crypto ipsec transform-set esp-3des esp-md5-hmac FirstSet

    card crypto abcmap 1 match address l2l_list

    peer set card crypto abcmap 1 213.136.41.180

    card crypto abcmap 1 set of transformation-FirstSet

    abcmap interface card crypto outside

    crypto ISAKMP allow outside

    crypto ISAKMP policy 1

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 43200

    tunnel-group 213.136.41.180 type ipsec-l2l

    IPSec-attributes tunnel-group 213.136.41.180

    pre-shared-key *.

    *************************************************

    the second asa

    l2l_list to access extended list ip 192.168.100.0 allow 255.255.255.0 192.168.1.0 255.255.255.0

    outside_access_in list extended access permit icmp any one

    Global 1 interface (outside)

    NAT (inside) 0-list of access inside_nat0_outbound

    NAT (inside) 1 0.0.0.0 0.0.0.0

    Access-group outside_access_in in interface outside

    Route outside 0.0.0.0 0.0.0.0 213.136.41.182 1

    Route outside 192.168.1.0 255.255.255.0 79.136.112.50 1

    Route outside 192.168.200.0 255.255.255.0 79.136.112.50 1

    Crypto ipsec transform-set esp-3des esp-md5-hmac FirstSet

    card crypto abcmap 1 match address l2l_list

    peer set card crypto abcmap 1 79.136.112.50

    card crypto abcmap 1 set of transformation-FirstSet

    abcmap interface card crypto outside

    crypto ISAKMP allow outside

    crypto ISAKMP policy 1

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 43200

    tunnel-group 79.136.112.50 type ipsec-l2l

    IPSec-attributes tunnel-group 79.136.112.50

    pre-shared-key *.

    First ASA

    No inside_nat0_outbound access list extended ip 192.168.100.0 allow 255.255.255.0 192.168.1.0 255.255.255.0

    inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.100.0 255.255.255.0

    NAT (inside) 0-list of access inside_nat0_outbound

    Second ASA

    inside_nat0_outbound to access extended list ip 192.168.100.0 allow 255.255.255.0 192.168.1.0 255.255.255.0

    NAT (inside) 0-list of access inside_nat0_outbound

  • Translation problem group on PIX 515

    Hi can someone help me with this?

    I'm trying to configure a PIX 515 to pass messages icmp from the interface vlan dmz configured on interface (Vlan 3) PIX inside interface.

    setting it up like this

    interface ethernet0 100full

    interface ethernet1 100full

    interface ethernet2 100full

    physical interface ethernet2 vlan2

    logical interface ethernet2 vlan3

    ethernet0 nameif outside security0

    nameif ethernet1 inside the security100

    nameif ethernet2 msx interieure4

    nameif dmz security7 vlan3

    SH nat

    NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

    NAT (dmz) 1 0.0.0.0 0.0.0.0 0 0

    NAT (msx) 1 0.0.0.0 0.0.0.0 0 0

    Global HS

    Global (inside) 1 interface

    Global interface (dmz) 1

    Global (msx) 1 interface

    At this stage I am not concerened with access lists that I get the error message is as follows

    155:-echo request ICMP dmz:192.168.3.1 to 10.240.2.2 ID = 512 seq = 11520 length = 40

    305005: no translation not found for icmp src dmz:192.168.3.1 dst domestic group: 10.240.2.2 (type 8, code 0)

    I'm not an expert when it comes to the PIX can someone help. Two other things can help shed light on the problem, there is no configuration of routing between Vlan interfaces, this could be a problem? I tried a static command and still have the same error that the order was... static (dmz, inside) 192.168.3.1 192.168.3.1

    Hi David:

    As you try to allow host from an interface for low security to a high security interface, you must have

    static (high, low) high high

    In this case, you must:

    static (inside, dmz) 10.240.2.2 10.240.2.2 netmask 255.255.255.255 0 0

    I assume that you already have an access list to allow the icmp message of echo applied to the DMZ interface. If it is not already there, just add an ACE to allow the icmp message to echo that you should be good to go.

    Sincerely,

    Binh

  • Translation NAT PIX problem

    Hello everyone I have the following situation on a running 6.2.2 PIX 520

    I have three interfaces inside, outside, dmz

    on the external interface have an access list to allow icmp from the IPs behind the DMZ interface, I have the following:

    external_access_in list of access permit icmp any 1.1.1.0 255.255.255.0

    NAT (dmz) 0 1.1.1.0 255.255.255.0 0 0

    Access-group external_access_in in interface outside

    1.1.1.0 are routed over the internet, ip addresses of the foregoing allows external hosts don't ping my hosts behind the dmz interface

    I'm doing the same thing try to allow hosts behind the area demilitarized the hosts behind the inside interface to icmp ping:

    dmz_in ip access list allow a whole

    NAT (inside) 0 1.1.5.0 255.255.255.0 0 0

    Access-group dmz_in in dmz interface

    The Interior allows entering by default.

    But I have the newspaper:

    305005: no group of translation not found for icmp src dmz:1.1.1.1 dst domestic: 1.1.5.1 (type 8, code 0)

    In my view, the situation is the same thing as the ping outside the demilitarized zone.

    I have:

    ethernet0 nameif outside security0

    nameif ethernet1 inside the security100

    nameif dmz security50 ethernet2

    Could someone tell me where I'm wrong, and how to allow the demilitarized area welcomes guests inside interface to icmp ping.

    Thanks for your replies.

    When you use "nat 0" with a network after him, it does NOT work as a static/ACL combination that normally, you need to move from a lower to a higher security security interface, as you do here. With "nat 0", traffic not from higher security first interface, THEN traffic can flow from the lower security interface. In your example, the traffic should flow inside the DMZ BEFORE traffic flows from the DMZ to the inside. The reason it works with the DMZ to outside traffic is that traffic probably sank DMZ for outside already, while traffic then flows from the outside to the DMZ.

    NAT 0 is probably something I would keep away from, could the interpretations of the causes like that. IT is IS NOT THE SAME AS STATIC/ACL PAIR., although it is similar.

    I would replace your statements "nat 0" with the following:

    > static (dmz, outside) 1.1.1.0 1.1.1.0 netmask 255.255.255.0

    > static 1.1.5.0 (inside the dmz) 1.1.5.0 netmask 255.255.255.0

    You have still a static, but you translate it into himself, effectively bypassing NAT (even though it still go through the NAT process). Traffic will then be able to move back and forth without worrying. It's easier to read and follow for me too, but that's just my opinion.

  • Site to Site ASA translation problem

    Hello

    I would like to ask how to solve this problem:

    Site A is ASA5520 (v7.2) with:
    Interface backwards
    External interface

    On site B is ASA5520 (v8.2) with:
    Interface backwards
    External interface
    DMZ interface

    There's a L2L IPSec tunnel between network ASAs - tunnel is and the correct work of the networks within the ASA networks inside the ASA B.
    -----------------
    I can do a ping to the server (172.25.106.221) on UI inside the ASA A for server (192.168.1.5) within the Interface of the ASA b.

    But I can't do a ping to the server (172.25.106.221) on the UI inside the ASA A server (192.168.0.31) on the Interface of the DMZ of ASA B with a pattern of ASA B: log % ASA-3-305005: no outside group translation not found for icmp src: 172.25.106.221 DMZ:192.168.0.31 (type 8, code 0) dst

    No doubt is there a problem with the static translation on ASA B, so im looking how to solve this problem.

    I posted configuration files (I omitted a few unnecessary configuration line to resolve this problem, I think).

    Thank you much for the help.

    Hey there,

    Checked the config and I noticed he was missing a sheep of the DMZ, there is one for the inside very well.

    : so you can add the following to the ASA B

    NAT (DMZ) 0-list of access ACL_NONAT

    Let me know how it goes, if it helped you can give then replied

    See you soon,.

    MB

  • Translation nat ip clear to only one address

    I have this in the nat table

    Inside global internal local outside global local outdoor Pro

    TCP 199.212.17.130:1617 142.135.4.69:1617 132.206.246.112:21 132.206.246.112:21

    and I want to erase just one I go through the command and get this:

    clear the nat ip inside the 199.212.17.130 translation 142.135.4.69

    % Translation not found

    Can you help me?

    Here are a few cpmmands that will help you. What you need to do is to understand what translation you do and then choose the appropriate command: delete all entries in the NAT translation table dynamic address translation: "erase the ip nat translation *"

    Delete an entry simple dynamic translation containing a translation, or inside Interior and outside translation: "clear translation nat ip in ip global local-ip [global outside local-ip-ip]" erase an entry simple dynamic translation containing a translation outside: 'clear local-ip-ip global outside ip nat translation' delete a dynamic conversion entry extended: "clear ip protocol translation nat inside global ip global-port local ip local port [outside port-local-ip-ip local-global global port].

  • How to match tunnel-group with auth ASA 8.2 and IPSec VPN Client using digital certificates with Microsoft CA

    Hello

    I set up a lab for RA VPN with a version of the ASA5510 8.2 and VPN Client 5 software using digital certificates with Microsoft CA on a Windows 2003 server. I did the configuration based on this document from Cisco's Web site:

    http://www.Cisco.com/en/us/partner/products/ps6120/products_configuration_example09186a0080930f21.shtml

    Now, the vpn works fine, but now I need to configure a tunnel-different groups so I can provide different services to different users. The problem I have now is that I don't know how to set it up for the certificate is the name of tunnel-group. If I do an ASA debug crypto isakmp I get this error message:

    % ASA-713906 7: IP = 165.98.139.12, trying to find the group through OR...
    % 3 ASA-713020: IP = 165.98.139.12, no group found by matching well payload ID: unknown
    % ASA-713906 7: IP = 165.98.139.12, trying to find the group via IKE ID...
    % 3 ASA-713020: IP = 165.98.139.12, no group found by matching well payload ID: unknown
    % ASA-713906 7: IP = 165.98.139.12, trying to find the group via IP ADDR...
    % ASA-713906 7: IP = 165.98.139.12, trying to find the group using default group...
    % ASA-713906 7: IP = 165.98.139.12, connection landed on tunnel_group DefaultRAGroup

    So, basically, when using certificates I connect always VPN RA only with the group default DefaultRAGroup. Do I have to use a model of different web registration for application for a certificate instead of the user model? How can I determine the OU on the user certificate so that match tunnel-group?

    Please help me!

    Kind regards

    Fernando Aguirre

    You can use the group certificate mapping feature to map to a specific group.

    This is the configuration for your reference guide:

    http://www.Cisco.com/en/us/partner/docs/security/ASA/asa82/configuration/guide/IKE.html#wp1053978

    And here is the command for "map of crypto ca certificate": reference

    http://www.Cisco.com/en/us/docs/security/ASA/asa80/command/reference/C5.html#wp2186685

    Hope that helps.

  • Try to find the table of Directors of a group of fabric (EnterpriseAdminGroups)

    Hello

    I'm not having much luck finding a way to determine the list of users in the "fabric administrators' shown in VRA (VCAC) using a script in VCO.  Does anyone have any idea on how I can do to get the table of users?


    I was able to do with groups of companies:

    var groups = vCACCAFEEntitiesFinder.getBusinessGroups (vCACHost);

    for {(i in groups)

    System.Debug ("groups [" + i + "] =" + groups [i]);

    var = Admins groups [i] .administrators;

    }

    I'm so looking for something similar, but related to EnterpriseAdminGroups, which does not have the property of "Administrators".

    So far I only have this code, which is not having me administrators:

    entities var = vCACEntityManager.readModelEntitiesByCustomFilter (vCACHost.id, "ManagementModelEntities.svc", "EnterpriseAdminGroups", null, null);

    System.log ("Enterprise Admin groups found:" + entities.length);

    var prop = new Properties ();

    for each {(entity in entities var)

    System.Debug ("\n\nentity:" + entity);

    Prop.put (Entity.GetProperty ("adminname"));

    }

    Thank you!

    OK, I think I finally thought to it.  GetFabricGroupAdminByVirtualMachine (vCAC:VCACHost vCACHost, vCACCAFE:VCACHost vCACCAFEHost, vCAC:VirtualMachine virtualMachine) is created.  The method returns a string value of the user name found an admin of fabric for one of the groups of fabric for the computing resource that belongs to the virtual computer.

    Here is the code:

    If (! vCACHost) {}

    throw "Missing vCACHost (vCAC:VCACHost);

    }

    If (! vCACCAFEHost) {}

    throw "Missing vCACCAFEHost (vCACCAFE:VCACHost);

    }

    If (! virtualMachine) {}

    throw "Missing virtualMachine (vCAC:VirtualMachine);

    }

    var vchost = virtualMachine.getEntity () .getLink (vCACHost, 'Host') [0];

    var fabricGroups = vchost.getLink (vCACHost, 'EnterpriseAdminGroups');

    var tenantName = vCACCAFEHost.tenant;

    var authorClient = vCACCAFEHost.createAuthorizationClient ();

    var authorPrincipalSvc = authorClient.getAuthorizationPrincipalService ();

    var currPage = 1;

    numPages var = 1;

    var maxItemsPerPage = 25;

    loop through each page

    While (currPage<= numpages)="">

    var page = new vCACCAFEPageOdataRequest (currPage, maxItemsPerPage);

    var princExtResult = authorPrincipalSvc.getPrincipalExtensions (tenantName, page);

    updating with the number of pages received

    numPages = princExtResult.getMetadata () .getTotalPages ();

    for (var i in {princExtResult.getContent ())}

    var princExt = princExtResult.getContent ([i]);

    var spans = princExt.getScopes ();

    for {(var j in spans)

    var range = extended [j];

    for (k fabricGroups) {}

    {If (scope.getName () = {fabricGroups [k] .getProperty ('AdminName'))}

    var scopeRoles = scope.getPrincipalScopeRole ();

    for (var x in scopeRoles) {}

    If (scopeRoles [x] .getName () = "Company administrator") {}

    found a fabric admin

    System.Debug ("found fabric group admin:" + princExt.getDisplayName ());

    Return princExt.getDisplayName ();

    }

    }

    }

    }

    }

    }

    currPage ++;

    }

    no users found

    Returns a null value.

  • Can I install a button translate my site to muse? How?

    Need for a button to translate

    Found a post where a similar topic has been looked

    Add Google Translate to a Muse site

  • Performance metric power group do not show anything on the virtual machine

    Hello

    I have a small question about the metrics of power Group found on the side of the virtual machine in the charts of perf ahead. It shows only 0 for usage.

    If I'm in the same group of metric on the host, it shows the values.

    do you know why it does not show anything on the virtual machine. is a group of metric that is not usable for virtual machines?

    Thank you very much

    Eric

    You have a support contract in place? Otherwise, I can connect this with them for an official answer... If that helps?

  • Managind DRS groups via powercli

    Goodmorning.

    I need to get all the members of a group of virtual machine via PowerCli DRS.

    I found a few articles of aroud the cmdlets such as ' New -DrsVmGroup" or so on. "

    I don't see this cmdlets in my powercli.

    I connect to a Virtual Center 5.0 managing 6 hosts ESXi 4.1.

    Using PowerCli 5.1 release 1 of my laptop Windows8 or PowerCli 5.0.1 Center Virtual Server itself I can see the following:

    PowerCLI C:\Program Files (x 86) \VMware\Infrastructure\vSphere PowerCLI > get-help * drs * | name of ft

    Name
    ----
    Apply DrsRecommendation
    Get-DrsRecommendation
    Get-DrsRule
    New-DrsRule
    Delete-DrsRule
    Game-DrsRule

    Could you please help me to get on the right way to manage groups of powercli DRS?

    Thanks a lot for the help of youe.

    Hello

    I quickly wrote 1 liner for you:

    (get-cluster cluster_name). ExtensionData.ConfigurationEx.group |? {$_.vm}|% {'$($_.name) GROUP found in this group'; foreach ($currentvm to $_.vm) {(get-vue-id $currentvm) .name}}}
    GROUP VmGroup1 is in this group

    vmX

    VMY

    vmZ

    GROUP VmGroup2 is in this group
    UMB

    vmB

    vmC

    vmD

    Let me know if you still have any questions about this

  • Plugin Active Directory - Add user to group

    Someone at - it no indication as to whether it is possible to add an existing user to an AD security group and how it has been achieved?

    * UPDATE

    In my view, there is a method in the com.vmware.library.microsoft.ActiveDirectory called getUserFromContainer which accepts a container and an accountName.


    Anyone know what they represent? The container is specified as a string that represents the OU or the group. If this can simply be the name of the ORGANIZATIONAL unit or that it does not require the full path? Is the name of the account user name or display name?

    Thank you!

    You have not indicated how you plan to run the workflow... If you run just the client or a Webview, you are prompted for the object and you can use the Chooser to browse for and select the entries...

    However, if you call an external system, it becomes more difficult... the common approach is to create a simple workflow that gets a user by name object or another object by name... For example, if I want to get an AD object: User for the account name bazbill, I would do something along these lines:

    Create an action called getADUserByName and use the action in a workflow:

    var users = ActiveDirectory.search("User" , userName);
if (users.length > 1){
  throw "Multiple matching users found: " + userName;
}
if (users.length < 1){
  throw "No matching user found: " + userName;
}
var user = users[0];
return user;

    Where "userName" is a string and the object returned is an AD object: User.

    A similar approach can be taken to get an AD:UserGroup object:

    getADUserGroupByName

    var groups = ActiveDirectory.search("UserGroup", groupName);
if (groups.length >1)
{
     throw "Multiple matching groups found: " + groupName;
}
if (groups.length < 1)
{
     throw "No matching group found: " + groupName;
}
var group = groups[0];
return group;

  • Is it possible to rank with the condition of a group?

    Is it possible to rank with the condition of a group? for example, I have following dataset.
     
RANK() OVER (partition BY PC.POLICY_NUMBER, PC.TRANSACTION_TYPE, COV_CHG_EFF_DATE order by PC.POLICY_NUMBER, COV_CHG_EFF_DATE, PC.TIMESTAMP_ENTERED) AS RNK,

POLICY_NUMBER    TRANSACTION_TYPE  COV_CHG_EFF_DATE  TIMESTAMP_ENTERED                        Rank
10531075PQ                           01           01/FEB/2009              15/SEP/2009 01:16:09.356663 AM       1
10531075PQ                           01           01/FEB/2009              15/SEP/2009 01:16:09.387784 AM       2
10531075PQ                           02           15/OCT/2009             16/OCT/2009 04:40:24.564928 PM       1
10531075PQ                           02           15/OCT/2009             16/OCT/2009 04:40:24.678118 PM       2
10531075PQ                           10           15/OCT/2009             16/OCT/2009 04:45:20.290117 PM       1
10531075PQ                           10           15/OCT/2009             16/OCT/2009 04:40:29.088737 PM       2
10531075PQ                           09           15/OCT/2009             16/OCT/2009 04:40:29.088737 PM       1 (expected 3)
10531075PQ                           06           17/OCT/2009             17/OCT/2009 04:45:20.290117 PM       1
10531075PQ                           07           17/OCT/2009             17/OCT/2009 04:40:29.088737 PM       1 (expected 2)
    I want to group founded by transaction ID. For ex, '09 'and '10' as a game and ' 06' one '07' as another set. Instead of the beginning rank, rank I want continue for any occurrence of the ' 09 'or ' 10'. In the example above, for the next line, I expect to grade 3 that there are transaction 2 '10' already exist for the same COV_CHG_EFF_DATE.

    09 10531075PQ October 15, 2009 October 16, 2009 04:40:29.088737 PM 1 (3 planned)

    I wonder if it's possible with the rank or another another analytic function. Not looking for exact labour code, I will appreciate if someone can give me idea/advice. Example of table and the test data, if someone wants to experience
     
drop table PC_COVKEY_PD;

create table PC_COVKEY_PD (
POLICY_NUMBER varchar(30),
TERM_IDENT varchar(3),
COVERAGE_NUMBER varchar(3),
TRANSACTION_TYPE varchar(3),
COV_CHG_EFF_DATE date,
TIMESTAMP_ENTERED timestamp
);

delete from PC_COVKEY_PD;

commit;

insert into PC_COVKEY_PD values ('10531075PQ', '021', '002', '01', to_date('01/FEB/2009','DD/MM/YYYY'), cast('15/SEP/2009 01:16:09.356663 AM' as timestamp));
insert into PC_COVKEY_PD values ('10531075PQ', '021', '001', '01', to_date('01/FEB/2009','DD/MM/YYYY'), cast('15/SEP/2009 01:16:09.387784 AM' as timestamp));
insert into PC_COVKEY_PD values ('10531075PQ', '021', '004', '02', to_date('15/OCT/2009','DD/MM/YYYY'), cast('16/OCT/2009 04:40:24.164928 PM' as timestamp));
insert into PC_COVKEY_PD values ('10531075PQ', '021', '004', '02', to_date('15/OCT/2009','DD/MM/YYYY'), cast('16/OCT/2009 04:40:24.264928 PM' as timestamp));
insert into PC_COVKEY_PD values ( '10531075PQ', '021', '005', '10', to_date('15/OCT/2009','DD/MM/YYYY'), cast('16/OCT/2009 04:40:24.364928 PM' as timestamp));
insert into PC_COVKEY_PD values ('10531075PQ', '021', '002', '10', to_date('15/OCT/2009','DD/MM/YYYY'), cast('16/OCT/2009 04:40:24.464928 PM' as timestamp));
insert into PC_COVKEY_PD values ( '10531075PQ', '021', '004', '09', to_date('15/OCT/2009','DD/MM/YYYY'), cast('16/OCT/2009 04:40:24.564928 PM' as timestamp));
insert into PC_COVKEY_PD values ('10531075PQ', '021', '004', '06', to_date('22/NOV/2011','DD/MM/YYYY'), cast('17/OCT/2009 04:40:24.564928 PM' as timestamp));
insert into PC_COVKEY_PD values ('10531075PQ', '021', '004', '07', to_date('22/NOV/2011','DD/MM/YYYY'), cast('17/OCT/2009 04:40:24.664928 PM' as timestamp));

commit;

SELECT POLICY_NUMBER,
       TERM_IDENT,
       COVERAGE_NUMBER,
       TRANSACTION_TYPE,
       COV_CHG_EFF_DATE,
       TIMESTAMP_ENTERED,
        RANK() OVER (partition BY PC.POLICY_NUMBER, PC.TERM_IDENT, PC.TRANSACTION_TYPE, PC.COV_CHG_EFF_DATE 
                order by PC.POLICY_NUMBER, PC.TERM_IDENT, PC.COV_CHG_EFF_DATE, PC.TIMESTAMP_ENTERED) AS RNK
FROM PC_COVKEY_PD PC
ORDER BY PC.POLICY_NUMBER, PC.TERM_IDENT, PC.COV_CHG_EFF_DATE, PC.TIMESTAMP_ENTERED ;
    Published by: 966820 on October 30, 2012 19:26

Maybe you are looking for