ASA with Implicit Rule

Similar Messages

• ASA 5505 - implicit rule

  Hi all,
  what is the purpose of the "Permint all traffic to less secure networks".
  Well I know the purpose and the technique to handle some sercurity level is nice. But what kind of help is it, when I cannot add add a rule without deleting this implicit rule?
  The technique of security level is then obsolete???
  Or is there a way to use the security level further?
  Regards

  Hello,
  HIGH to LOW:
  Well, it is like letting everyone who lives in your house is allowed to leave the house to go where ever they please.
  LOW to HIGH:
  But, when people try to come into the house, they will be stopped (unless they are the ones who left the house returning back) at the gate and the guard checks their ID and then lets them in if he has them listed in the allowed list.
  So, here you can take the family members inside the house as high security and where ever they would like to go as low security.
  You could add a rule even for family members to restrict who can leave the house as they please and who isn't allowed to go outside at all.  But, this is optional and by default in the ASA platform anything from high security to low security is automatically allowed.
  ACL manager is in ASDM is like a place holder of all the access-lists that you have configured in the box. Some for VPN, some for interface acl, some for MPF, NAT etc. They will all show up here.
  -KS

• ASA 5505 NAT rules blocking inside traffic

  Previous attempts to set up these NAT rules has been met with minimal success. We have been able to get the NAT rules created, and able to ping our inside servers and receivers from a  different outside network, but every time we get that far our internal network crashes.  Running the Packet Trace utility via the ASDM shows that internal traffic from the servers to  the workstations is being blocked by the default implicit rule under the access rule heading  that states "any to any, service being ip, action= deny". Reverse traffic from the workstations to  the servers is being allowed though. In an effort to start over again, the Cisco ASA has been  Factory Defaulted via the CLI, and has had it's Inside network, and Outside IP address set back up. DHCP pool has been setup for a minimal amount of addresses on the   inside network, since  most of our equipment will always be assigned statics. We reset our static NAT policies, and  seem to be having the same problem. My partner and I have been working on this for some time now, and have ourselves so frustrated that I know we are missing something simple. Any help will be greatly appreciated.
  Embarq :          Network                                      xxx.xxx.180.104
  Gateway:                                                             xxx.xxx.180.105
  Subnet Mask:                                                     255.255.255.248
  Our Static IP's:                                                    xxx.xxx.180.106 to xxx.xxx.180.110
  Cisco Pix for VPN tunnels :                              xxx.xxx.180.107  outside IP
      used for DataBase Servers :                        100.1.0.2  Inside IP/ Gateway 2
  Cisco ASA 5505:                                               xxx.xxx.180.106  outside IP
      all other traffic :                                              100.1.0.1  Inside IP/ Gateway 1
  Inside Network:                                                 100.1.0.0/24
  Application Server:                                          100.1.0.115 uses Gateway 1
  BackUp AppSrvr:                                             100.1.0.116 uses Gateway 1
  DataBase Server:                                            100.1.0.113 uses Gateway 2
  BackUp DBSrvr:                                               100.1.0.114 uses Gateway 2
  Cobox/Receiver:                                               100.1.0.140
  BackUp Cobox:                                                 100.1.0.150
  Workstation 1:                                                   100.1.0.112
  Workstation 2:                                                   100.1.0.111
  Network Speaker1,2,3,4:                                 100.1.0.125 to 100.1.0.128
  Future Workstations:                                        100.1.0.0/24
  1.           Embarq Gateway feeds both Cisco Pix, and Cisco ASA. Both Ciscos feed a Dell Switch.
  2.           All inside network devices at 100.1.0.0/24 are networked into the Dell Switch.
  3.           All Workstations/Network Speakers need to be able to communicate with all four servers, and   the Cobox/Receiver.
  4.          The DataBase Servers have VPN tunnels created in the Pix for clients to be able to login  securely and edit their account info.
  5.          The App Server (100.1.0.115), and BackUp App Srvr (100.1.0.116) need to have a NAT rule  created NAT'ing them to xxx.xxx.180.109.
        A.          The xxx.xxx.180.109 NAT rule needs to allow ALL UPD traffic TO and FROM ANY outside    IP address.
        B.          The xxx.xxx.180.109 NAT rule needs to allow ICMP traffic FROM ANY Outside IP address.
  6.          The Cobox/Receiver (100.1.0.140) and BackUp Cobox (100.1.0.150) need to have a NAT rule created NAT'ing them to xxx.xxx.180.108
        A.          The xxx.xxx.180.108 NAT rule needs to allow UDP traffic FROM ANY Outside IP address source port 6000 or 9000 to destination port 9000
        B.           The xxx.xxx.180.108 NAT rule needs to allow ICMP traffic FROM ANY Outside IP address.
  7.          Right now the Cisco PIX is functioning and working perfectly for our VPN tunnels.
  8.         
  : Saved
  ASA Version 8.2(5)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 100.1.0.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address xxx.xxx.180.106 255.255.255.248
  ftp mode passive
  same-security-traffic permit intra-interface
  object-group protocol DM_INLINE_PROTOCOL_2
  protocol-object ip
  protocol-object icmp
  protocol-object udp
  protocol-object tcp
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object ip
  protocol-object icmp
  protocol-object udp
  protocol-object tcp
  object-group protocol DM_INLINE_PROTOCOL_3
  protocol-object ip
  protocol-object icmp
  protocol-object udp
  protocol-object tcp
  object-group protocol DM_INLINE_PROTOCOL_4
  protocol-object icmp
  protocol-object udp
  object-group protocol DM_INLINE_PROTOCOL_5
  protocol-object icmp
  protocol-object udp
  access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_3 any xxx.xxx.180.104 255.255.255.248
  access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_4 host xxx.xxx.180.108 any
  access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_5 host xxx.xxx.180.108 any
  access-list inside_access_allow extended permit object-group DM_INLINE_PROTOCOL_2 100.1.0.0 255.255.255.0 100.1.0.0 255.255.255.0
  access-list inside_access_allow extended permit object-group DM_INLINE_PROTOCOL_1 any any
  access-list inside_nat_static extended permit udp host 100.1.0.140 eq 9000 any
  access-list inside_nat_static_1 extended permit ip host 100.1.0.115 any
  access-list inside_nat0_outbound extended permit ip 100.1.0.0 255.255.255.0 100.1.0.0 255.255.255.0
  access-list outside_nat_static extended permit udp host xxx.xxx.180.108 eq 6000 host 100.1.0.140
  access-list outside_nat_static_1 extended permit ip host xxx.xxx.180.109 host 100.1.0.115
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any outside
  no asdm history enable
  arp timeout 14400
  nat-control
  global (inside) 1 100.1.0.3-100.1.0.254 netmask 255.0.0.0
  nat (inside) 0 access-list inside_nat0_outbound
  static (inside,outside) udp xxx.xxx.180.108 6000 access-list inside_nat_static
  static (outside,inside) udp 100.1.0.140 9000 access-list outside_nat_static
  static (inside,outside) xxx.xxx.180.109  access-list inside_nat_static_1
  static (outside,inside) 100.1.0.115  access-list outside_nat_static_1
  access-group outside_access_in in interface outside
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 100.1.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 100.1.0.5-100.1.0.15 inside
  dhcpd dns 71.0.1.211 67.235.59.242 interface inside
  dhcpd auto_config outside interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  prompt hostname context
  call-home reporting anonymous
  Cryptochecksum:52e69fa95fcffd43ed9e73df320e3a55
  : end
  no asdm history enable

  OK. Thank you very much for your help. I am going to get with the powers that be to upgrade the "Base" license in this ASA.
  In the meantime I will Close and Rate this post for now so others can get this info also.
  If we have any further issues after the upgrade, then I will open a new post.
  Thanks again. We new it was something simple. Not sure how we overlooked that, but hey we're getting somewhere now.

• Period account closing bal includes cumul movements, even with a rule.WHY?!

  Hello chaps, I've been struggling with this for a few days now and I'm going to have admit defeat. :(
  I'm trying to do two things.
  1. View periodic balance sheet movements
  2. Get the correct custom closing balance to roll up once I've done 1 (in Periodic view)
  What I've done.
  For Point 1. I use the SwitchTypeForFlow attribute on the flow members. This let's me see the balance sheet movements in Periodic view. Great.
  Which leads me onto Point 2. Whilst I can now see the balance sheet movements in Periodic view, the closing balance (the parent of Opening + increases - decreases) does not total correctly. Instead of adding the Opening + increases - decreases for ONE period, It adds them for ALL the previous periods.
  Ok, so to get round that, I thought I'd just create a new member called "ClosingBal" and override what HFM is doing. I'll now have two rules. The "OpeningBal" is just the closing balance of last period. "ClosingBal" is just the sum of opening + increases - decreases for the period. So here are the two simple rules
  HS.Exp "C1#OpeningBal=C1#ClosingBal.P#Prior"
  HS.Exp "C1#ClosingBal=C1#OpeningBal+C1#increases-C1#decreases"
  But when I do this, even with the rule, it STILL adds up the cumulative increases and decreases for all prior periods as well, not just the ones for the period. Why is it doing that? All I want is my closing balance in that one period to be equal to opening balance + increases - decreases. It works fine in YTD view, but not Periodic view. I need it to work in Periodic view
  any help much appreciated.
  Thanks,
  Sal

  Sal,
  There is no solution here that allows the user to simpley change the View member from Periodic to YTD, keeping all else the same, and get your desired result. However, you could create a solution that when a user wants Periodic numbers he/she would select the Periodic View member and then select a unique ClosingBal member (eg. 'ClosingBalPer') and a unique OpenBal member (eg. 'OpenBalPeriodic'). When the user wants YTD numbers he/she would select the YTD View member and then select a different and also unique ClosingBal member (eg. 'ClosingBalYTD') and a different and also unique OpenBal member (eg. 'OpenBalYTD').
  Here you would have 2 different rules for you opening balances:
  HS.Exp "C1#OpeningBalPer=C1#ClosingBal.P#Prior"
  HS.Exp "C1#OpeningBalYTD=C1#ClosingBal.P#Last.Y#Prior"
  And your ClosingBal rules would look like this:
  HS.Exp "C1#ClosingBalPer=C1#OpeningBalPer+C1#increases-C1#decreases"
  HS.Exp "C1#ClosingBalYTD=C1#OpeningBalYTD+C1#increases-C1#decreases"
  In regards to the ClosingBal rules, these aren't necessary if you make the ClosingBal member a parent of the other members. If 'decreases' need to be subtracted then they should be flagged as 'SwithSignForFlow'.
  With this solution if a user selected YTD with the Periodic members or Periodic with the YTD members then their numbers wouldn't make sense so there would be some user eduction involved with this solution.

• List Tile View not working with include rule on iOS?

  hi Expert,
  I used the List Tile View with include rule in Agentry 6.0 on WinCE before to generate "selected" object list upon different conditions, e.g., assigning tasks based on scenarios.
  Currently, I am experimenting the same function on iOS tablet.
  On the start screen which is a detailed screen for main object, there is a List Tile View and an include rule. However, the objects in the tile list are not updated correctly when the output of the rule changes. Note that the same include rule works perfectly with a List View for the same collection.
  To my observation, the problem seems to associated with "update" of the tiles when result of include rule changes. For example, in scenario 1, there are 5 objects in the list; switching to scenario 2, there are 10 objects. From the No.6 to No.10, the objects are correct. The No.1 to No.5 are still the original 5 objects for scenario 1.
  When the user clicks on tiles, it makes the situation worse. Normally, a single object's tile will always be shown in the selected tile regardless which tile is selected from the list.
  My development environment is 6.0.40 and the client is 6.0.40 on iPad (iOS 7.1). I would like to know whether this is a known issue before I provide more details.
  Thanks.
  -Yang

  hi experts,
  When I asked the question on this list tile view refreshing issue, my dev environment is Agentry 6.0.38.
  In Agentry 6.0.40.1's release note, there is a fixed
  AG-25821  iOS 7 refresh issue with iPad tile list
  However, I currently have Agentry 6.0.42.1 on iPad (iOS 7.1.2). And my editor/server is 6.0.42.0. I still have the list tile view refreshing issue. The same rule can be used on list without any problem. But the list tile still has trouble on display the right set of objects.
  My question is is that fix related to the problem I saw?
  Thx.
  -Yang

• Slow Performance with Business Rules

  Hello,
  Has anyone ever had slow performance with business rules? For example, I attached a calc script to a form and it ran for 20 seconds. I made an exact replica of the calc script in a business rules and it took 30 seconds to run. Also, when creating / modifying business rules in EAS it takes a long time to open or save or attach security - any ideas on things to improve this performance?
  Thanks!

  If you are having issues with performance of assigning access then I am sure there was patch available, it was either a HSS patch or planning patch.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• What's Wrong with These Rules?

  I can't see what's wrong with these rules. Does any one see the problem?
  Passport data is verified if
  Database provides an exact match for the passport number and date of birth.
  Photo matching is required if
  Passport data is verified.
  Passport photo matches evidentiary photo if
  Photo matching is required and
  Photo match is valid.
  Photo match is valid if
  Photo matching is required and
  user states that photo matches evidentiary photo.
  The investigation session asks the question "does Database provide an exact match ..." Response is True.
  "Photo matching is request" is set to true because "Passport data is verified" is true.
  Then the investigation stops. It doesn't go on and ask if "user states that photo ...". This arrtibute has the value of <unknown>. All the identifiers (red numbers) match up correctly. I just can't see what is wrong.
  Thanks,
  Terry

  Thanks, Brandon,
  Your idea was helpful. It was a goal, but not a top level goal. By checking the data at each step, I found that a higher level rule that was dependent on these rules was the culprit. I should have had an "and" when I had wrote the rule with an "or". I don't entirely understand why this higher level rule needed to have "and" instead of "or", but it works now and that's all I care about.
  Terry

• How to append calling and called number with translation rules?

  Hello,
  I have one question about digit manipulations.
  How to append calling number and called number with IOS commands?
  For example, when 123 dials 45678, translations have to be performed and the new called number to be 12345678.
  Thank you,
  I will vote this conversation.

  It is not possible with translation rules.
  However, you can do that with a TCL/IVR script.

• [HA]ASA with FirePOWER Services with [HA]FireSIGHT Management Center

  Hi,
  My Customer orders the following SKUs in one to make these ASA with FirePOWER Services as H/A.
  Line
  Number
  Item Name
  Description
  Service
  Duration
  Lead
  Time
  Included
  Item
  Quantity
  ListPrice
  Extended
  ListPrice
  Discount
  Selling
  Price
  1.0
  ASA5515-FPWR-K9
  ASA 5515-X with FirePOWER Services  6GE  AC  3DES/AES  SSD
  N/A
  14 days
  No
  2
  2.0
  L-ASA5515-TAMC=
  Cisco ASA5515 FirePOWER IPS  AMP and URL Licenses
  N/A
  0 days
  No
  2
  2.0.1
  L-ASA5515-TAMC-1Y
  Cisco ASA5515 FirePOWER IPS AMP and URL 1YR Subs
  12 month(s)
  N/A
  No
  2
  Assuming from my experiences, 2 PAKs are supposed to be issued.
  PAK_A : 1 PAK for ASA5515-CTRL-LIC (Entitlement Qty:2)
  PAK_B: 1 PAK for L-ASA5555-TAMC= (Entitlement Qts:2)
  Also these FireSIGHTs which monitors these ASAs are H/A.
  The SKUs of FireSIGHTs are following:
  -FS1500-K9
  -FS1500-BASE-K9
  In this case, I assume that these steps are necessary for generating licenses for ASA with FirePOWER Servies;
  Go to license page ( www.cisco.com/go/license) and input PAK_A. Then following the steps and on “Add Device”section, should I input the following 3 devices license keys ?
  -Another ASA5515-FPWR-K9
  -FS1500-K9
  -FS1500-BASE-K9
  And then 2 licenses which are one is for FS1500-K9 and the other is for FS1500-BASE-k9 are to be generated.
  *I have to do that same operation for PAK_B.
  Q1: Is this right? Do I understand the steps correctly ?
  Q2 :If the answer for Q1 is Yes, does it mean that any license is not required for ASA with FirePOWER services ?

  Hi,
  For the PIDs "ASA5515-CTRL-LIC" and "L-ASA5555-TAMC=" you will be provided with PAKs.
  If you are trying to setup HA please check on the forum link for HA setup, https://supportforums.cisco.com/discussion/12320876/how-can-i-make-my-license-high-availabilityor-ha-license
  Steps to register the PAK, 
  1) Login to License portal ( www.cisco.com/go/license) with CCO ID
  2) Enter the PAK to register, click NEXT
  3) Enter the license key of the FireSight device (like FS1500) and if you want to add more devices for HA click on ADD device
  4) enter the license key of the second FireSIGHT for HA, click NEXT
  5) Agree to the terms and SUBMIT 
  6) email with the licenses will be sent 

• Error with Statement Rule: Reference is ambiguous

  Hello,
  Hopefully someone will be able to help me out with this inquiry. I have a configurator model where the BOM has been imported. Within this model, there are two BOM nodes of the same name (Item Number) but they are unique in the model by their effective dates. Basically, I have the following:
  Model
  __Feature1
  ____Option1 Eff_In: 1/1/2009 Eff_Out: 9/20/2011
  ____Option1 Eff_In: 12/21/2011 Eff_Out: 9/21/2090
  If I create say a CONTRIBUTE statement rule referencing node 'Option1', I get an error that reads "The reference Option1 is ambiguous". I understand that I am getting this error because Configurator cannot determine which instance of this Option1 I am referring to. Can anyone tell me how I can specify the specific node required? I would have expected that Configurator would always look at the structure effective dates, but it would appear not. I have looked at using full path or properties as part of my node reference, but the effective dates don't appear to be a standard system property that can be referenced (unless I missed something).
  Any help would be appreciated.
  Thanks,
  Paul Wentink

  From: Veerendra Singavarapu <veerendra.singavarapu@...>
  Sent: Sun Aug 15, 2010 12:50 am
  To: [email protected]
  RE: [configsig] ambiguity error
  Hi Lauree,
  As Carole rightly pointed out, this issue has been recently fixed in 11.5.10 branch. This happens only when the ECO change brings one or more item’s attribute changes. i.e. for instance an OC undergone an ECO change, with {min=0 and max=null} prior to ECO change and {min=0 and max=1} after ECO change can cause this issue.
  With regards,
  Veerendra S.
  ==========
  From: Lauree Swihart [mailto:lswihart@...]
  Sent: Friday, August 13, 2010 10:52 PM
  To: [email protected]
  Subject: RE: [configsig] ambiguity error
  Thanks a bunch Carole!
  ==========
  From: [email protected] [mailto:[email protected]] On Behalf Of Landgrebe, Carole
  Sent: Friday, August 13, 2010 1:21 PM
  To: [email protected]
  Subject: RE: [configsig] ambiguity error
  Hi Lauree-
  This is a known issue, and I had them create a fix for it in 11.5.10 when we were on 25-43A. Now the issue exists in 12 and I haven’t yet logged the TAR for that. We have exactly the same issue as we force all bom changes through ECOs, and even putting effectivity dates on the rules that match the effectivity dates of the BOM does not resolve the issue. Fix was produced off of TAR 7619362.994, looks like bug number was 8737252….not sure what release it was part of, we applied it as a manual fix, a jar file and an update to package body for cz_model_util_pvt.
  Holler if you need more info.
  Thanks!
  Carole
  ==========
  From: [email protected] [mailto:[email protected]] On Behalf Of Reinsch, Ted A (GE Energy)
  Sent: Friday, August 13, 2010 1:09 PM
  To: [email protected]
  Subject: RE: [configsig] ambiguity error
  Have you refreshed the model since this change?
  The only time I have received this error was if I was using the same component in more than 1 option class or option feature and it tells me that I need to further define the path to the object in the rule such as
  'ATO Model Name'.'Option Class 1'.'8003-518.8003-519.8003-502.029-4572-03' or
  'ATO Model Name'.'Option Class 2'.'8003-518.8003-519.8003-502.029-4572-03'
  ==========
  From: [email protected] [mailto:[email protected]] On Behalf Of Lauree Swihart
  Sent: Friday, August 13, 2010 10:45 AM
  To: [email protected]
  Subject: [configsig] ambiguity error
  I have a component that is currently in a logic rule. When this component is in a logic rule it works.
  This same component was changed out on an ECO, causing 2 records in the BOM. One with an end effective date and another with a begin effective date. When I convert my rule to a statement rule, I receive this error. I’ve received this error in the past and normally I thought I’d just changed the effectivity range associated with the rule and that resolved the issue. But, it’s not resolving the issue today.
  Is there any other way for me to resolve this without deleting the component in the bom that has been effectively end dated? I don’t want that route because that defeats the purpose of using an ECO and general foundation of why we use ECO’s for our healthcare products.
  The reference 8003-518.8003-519.8003-502.029-4572-03 is ambiguous.
  Thanks,
  Lauree Swihart

• I have updated my BRE with new rule but it is not working.

  Hi All,
  I have got a requirement to add one more rule into my existing BRE.
  Below are the points that I followed :
  1).Firstly, I created the new version for my BRE , and added my rule in that.
  2). Then I un-deployed the previous version of BRE and Deployed its new version.
  3). I did restarted host instances and Rule engine service also.
  3). Now, when I am testing the sample consisting of previous rule then it is executing,
  But on the other hand when i am testing the sample based on my new rule then BRE is not working.
  If BRE is Executing with previous rule then i believe it is working,
  Then why it is not working for my new Rule .
  4). When i am testing my policy then it is also working well enough .
  Note : The Schema path is also correct ,
  Any help and suggestion will be appreciated
  Kind Regards
  Rishi Gaur

  Hi Shankycheil,
  1). My policy version 1.0 was having 10 rules.
  2). Then i copied version 1.0  and added it to my new version 1.1 .
  3). Than i added my rule to it only.
  After all this I Undeploy version 1.0 and deployed my new version 1.1.
  In Admin console I am getting error like you mentioned   somewhere about policy not found?

• Something interesting with check rule for VAT registration no.

  Hi Guys,
  I found something weird in sap with check rule for VAT registration no.
  If I set any of check rules for US and save(tcode oy17), then change the country of a customer from DE to US and save(not change the VAT registration no), the system post error messages "ISO code DE is not correct in the VAT registration number". But if I set rule for AU(australia) with same rule as US, and change the customer's country from DE to AU(not change the VAT no), no error happens and customer can be saved successfully. So anybody can give any explanation on this problem?
  Thanks in advance, point will be rewared. Waiting for the comments.
  Regards,
  Alex

  <TABLE align=center border=0 cellPadding=1 cellSpacing=1 width="95%"><tr><td width="15px"><input type="image" src="wwv_flow_file_mgr.get_file?p_security_group_id=1046425373323359&p_fname=add2d1.jpg" name="add_QTB_5174" id="add_QTB_5174" onclick="javascript:addRowToTable('QTB_5174',4,22.5);return false;"/></td><td width="15px"><input type="image" src="wwv_flow_file_mgr.get_file?p_security_group_id=1046425373323359&p_fname=delete2d.gif" alt="delete" name="delete_QTB_5174" id="delete_QTB_5174" onclick="javascript:removeRowFromTable('QTB_5174');return false;"/></td><td><input type="image" src="wwv_flow_file_mgr.get_file?p_security_group_id=1046425373323359&p_fname=edit2d.jpg" alt="edit" name="edit_QTB_5174" id="edit_QTB_5174" onclick="javascript:updateTableRow('QTB_5174',22.5);return false;"/></td></tr></table>
  <input type="hidden" value="QTB_5174" id="5174"><TABLE align=center border=0 cellPadding=1 cellSpacing=1 width="95%" id="QTB_5174" name="QTB_5174">
  this a sample code. I have marked the name attrib in bold.

• Logical M:N Relation with Delete Rule:"NO ACTION" creates "CASCADE" FK

  I think I've detected a bug in the generation of FK when we have"N: N" relations, give me idea that the delete rule that is defined in the relationship of logical model is ignored.
  So I give you a small example to reproduce it:
  I've a simple example of 2 entities:
  Logical Model:
  Entity_A(#id_a, desc)
  Entity_B(#id_b, desc)
  M:N Relation between Entity_A and Entity_B (REL_A_B) with Delete Rule: "NO ACTION".
  When apply "Engineer to Relational Model" I've as result 3 tables:
  Relational Model:
  Entity_A(#id_a, desc)
  Entity_B(#id_b, desc)
  REL_A_B(#id_a, #id_b) but the generated foreign keys are defined using Delete rule "CASCADE".
  Is not supposed to have been generated with delete rule "NOT ACTION"?
  As result the generation of DDL scripts is creating FKs with the clause " ON DELETE CASCADE", which was not originally intended.
  I try to change this value in logical model but I've seen not effect on result.
  I hope I have helped!

  Hi Ariel,
  thanks for reporting the problem. I assume it's for Data Modeler 3.3.
  I logged a bug for that.
  Philip

• Error importing composite with business rules into SVN

  Hello,
  When I import a composite with business rules into Tortoise SVN I get below error.
  Error: Commit blocked by pre-commit hook (exit code 1) with output:
  Error: Path
  Error: '/trunk/ProjectName_SCA/.rulesdesigner/jaxb_classes/com/ProjectName/package-info.class'
  Error: is restricted for commit by pattern '\.class$' for the current user.
  I could import other composites(w/o business rules)
  Thanks

  Further invesitgation bears this problem out.
  Oracle support recommend wrapping the SimpleType in a ComplexType. This does work, but now I have an extra wrapper element to deal with. I either have to use the wrapped type in my other complex, composed Types and/or add an external wrapping element when trying to create Business Services in BPM to call the BusinessRules I've created.
  This is a bit messy.
  To be clear, this does not seem to be an issue with Business Rules; the BR editor and generation of Facts (including simple restricted types -> JAXB 2.0/Java Enumerations) seems to work correctly. There seems to be an issue exposing DFs as Services. The code which generated the WSDL and its supporting types seems to choke on restricted SimpleTypes.
  As a side note, it seems that HumanTasks have a similar limitation
  Edited by: wylderbeast on May 31, 2011 3:27 PM

• Problem with scrambling rules

  Good afternoon, I have a problem with the conversion rules, when I transfer the employee does not take into account any of the scrambling rules, those made by me and with the rules that I copied by CNV_TDMS_HCM_SCRAM transaction. I understand that this conversion is performed in the task to prepare data transfer. Someone can give me an idea that I may fail to do. Somebody has documentation of Scrambling rules? Thanks in advance.
  Manuel Campos

  Thank you, when I execute the program wherever Phase or activity ID that I select, for example PC001_RULES_MAINTAIN
  It shows me this:
  Rules for packege 90042
  Rule Name                     Status         Active
  CNV_MBT_BOP             red              check
  INITIAL                           red             check
  MOVE                            red             check
  01_RVNUM_CK_DGT      red             check
  99_HR_PEVAL2              red             check
  99_PD_SEQ_NR             red             check
  ADDR_SCRAM1             green          check
  SAMP_SCR_DOM          red             check
  SAMP_SCR_FIELD        green          check
  In your package appear something like this?
  I used transaction CNV_TDMS_HCM_SCRAM to prepare and maintain customizing for
  scrambling at project or subproject level. And I made this:
  To use the SAP template, choose Copy from other Project. You can now copy a scramble
  definition. To copy the SAP template, input the following:
  Pack ID: TDHSC
  Project: *
  Subproject: *
  Process Type: R
  Select the "Get from client 000" checkbox .
  You can use a description prefix, for example SAP_, to easily identify elements. For
  example, if you use this prefix and the name of a scramble group in the template is
  HCM_DE_01, then after the copy the name is SAP_HCM_DE_01. This is useful for copying
  in add-on mode into an existing project, because it helps you to determine what was new
  from this copy.
  Then I tried to use this scrambling rules copied, but They doesn´t work.
  Thanks a lot for your help