OK, my bad - application cant be IGNORE for a Any-service policy.
Any idea what port is used by your queries? Normally ii would be SQL over TCP-1521. In that case, modify the policy with service as 'SQL*Net V2' rather than Any. Now, you can make the application to be IGNORE.
Also, I see that you are using secondsr-IPs on bgroup, it is not the same as using sub-interfaces. Before doing a policy level testing, can you just try to telnet from app server to the DB server over the port that is used.
Something like--> telnet 192.168.2.x 1521
If this works, then you can try the policy testing above.