diff --git a/doc/ChangeLog b/doc/ChangeLog index 2f1cd32f9..3f3ba4ac8 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,5 +1,10 @@ 2011-01-12 Vadim Kurland + * NATCompiler_asa8_writers.cpp (printSDNAT): refs #1907 "ASA NAT - + fwbuilder doesn't support multiple translated sources in a single + NAT rule". Compiler uses object-group to translate NAT rules that + have multiple objects in Translated Source. + * PolicyCompiler_pix_writers.cpp (_printLog): fixed #1913 "ASA/PIX rules with logging enabled don't have log set unless user modifies Firewall Settings". Added default log level setting to the diff --git a/src/cisco_lib/ASA8TwiceNatLogic.cpp b/src/cisco_lib/ASA8TwiceNatLogic.cpp index 7e0bbc29b..19c8a3bf1 100644 --- a/src/cisco_lib/ASA8TwiceNatLogic.cpp +++ b/src/cisco_lib/ASA8TwiceNatLogic.cpp @@ -48,14 +48,17 @@ ASA8TwiceNatStaticLogic::TwiceNatRuleType ASA8TwiceNatStaticLogic::getAutomaticT assert(tsrc_re!=NULL); Address *tsrc = Address::cast(FWReference::getObject(tsrc_re->front())); - if (tsrc->isAny()) return STATIC; + if (tsrc_re->isAny()) return STATIC; else { /* - * Default behavior: if the number of ip addresses in OSrc is equal to - * that in TSrc, then use "static". Otherwise use "dynamic". However if - * rule option "asa8_nat_static" is true, use "static". + * Default behavior: if the number of ip addresses in OSrc is + * equal to that in TSrc, then use "static". Otherwise use + * "dynamic". Note that TSrc may be a group, in which case we + * assume it has different number of addresses and we fall + * back to dynamic */ + if (tsrc == NULL) return DYNAMIC; if (osrc->dimension() == tsrc->dimension()) return STATIC; else return DYNAMIC; } diff --git a/src/cisco_lib/NATCompiler_asa8.cpp b/src/cisco_lib/NATCompiler_asa8.cpp index 0ee1891af..b47483694 100644 --- a/src/cisco_lib/NATCompiler_asa8.cpp +++ b/src/cisco_lib/NATCompiler_asa8.cpp 
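Review bot: The new `if (tsrc == NULL) return DYNAMIC;` treats every TSrc that is not an Address as a group and silently picks dynamic, so an unexpected object type (or a dangling reference that makes FWReference::getObject return NULL) is indistinguishable from the intended group case. Dynamic is the conservative fallback — it does not create the bidirectional mapping a static rule would — but that reasoning and the untested assumption about member counts belong in the comment; suggest replacing the "we assume it has different number of addresses" sentence with `/* TSrc is not a single Address (a group): we do not count its members here, so fall back to dynamic, the more restrictive translation */`. If a group-type check is available it would keep the silent path narrow by asserting on anything that is neither an Address nor a group. The function's closing brace is outside the hunk.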
@@ -26,6 +26,7 @@ #include "NATCompiler_asa8.h" #include "ASA8Object.h" #include "ASA8ObjectGroup.h" +#include "ObjectGroupsSupport.h" #include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/RuleElement.h" @@ -286,10 +287,12 @@ void NATCompiler_asa8::compile() add( new checkForUnnumbered("check for unnumbered interfaces")); - add( new ConvertToAtomicForOriginal("convert to atomic for OSrc, ODst, OSrv")); + add( new ConvertToAtomicForOriginal( + "convert to atomic for OSrc, ODst, OSrv")); + // remove ConvertToAtomicForTSrc if we figure out a way to support multiple // translated soruces per #1907 - add( new ConvertToAtomicForTSrc("convert to atomic for TSrc")); + // add( new ConvertToAtomicForTSrc("convert to atomic for TSrc")); add( new ConvertToAtomicForTDst("convert to atomic for TDst")); add( new ConvertToAtomicForTSrv("convert to atomic for TSrv")); @@ -300,15 +303,20 @@ void NATCompiler_asa8::compile() "verify rule elements for static NAT rules")); add( new processNONATRules("process NONAT" )); - add( new VerifyValidityOfDNSOption("Check validity of 'translate dns' option")); + add( new VerifyValidityOfDNSOption( + "Check validity of 'translate dns' option")); + + add( new CreateObjectGroupsForTSrc("create object groups for TSrc")); /* REMOVE_OLD_OPTIMIZATIONS if (fw->getOptionsObject()->getBool("pix_optimize_default_nat")) add (new clearOSrc ("clear OSrc" )); */ +/* WE_DO_NOT_USE_NATCMD_FOR_ASA8 add( new createNATCmd ("create NAT commands" )); add( new createStaticCmd ("create static commands" )); +*/ /* REMOVE_OLD_OPTIMIZATIONS add( new mergeNATCmd ("merge NAT commands" )); 
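Review bot: The comment above the now-disabled `add( new ConvertToAtomicForTSrc(...))` still reads as a pending TODO ("remove ConvertToAtomicForTSrc if we figure out a way ...", with "soruces" misspelled) although this commit does exactly that, and the registration is kept as a commented-out line rather than deleted. Suggest `// ConvertToAtomicForTSrc is intentionally not registered: multiple translated sources are handled with object groups (CreateObjectGroupsForTSrc, #1907)` and dropping the dead line; the `/* WE_DO_NOT_USE_NATCMD_FOR_ASA8 ... */` block in the next hunk of this file is the same pattern. compile() begins and ends outside the hunk.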
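Review bot: `CreateObjectGroupsForTSrc` is registered after `verifyRuleElementsForStaticNATRules` and `processNONATRules`, which previously only ever saw an atomic TSrc because ConvertToAtomicForTSrc ran earlier; with that processor disabled they now receive rules whose TSrc holds several objects. If either of them inspects only the first TSrc element (for example via getFirstTSrc), the remaining translated sources are validated by nothing before the group is built — their bodies are not visible from this hunk, so please confirm they handle a multi-element TSrc, or move the object-group creation ahead of them. compile() continues outside the hunk.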
@@ -321,7 +329,9 @@ void NATCompiler_asa8::compile() add( new PrintClearCommands("Clear ACLs" )); add( new PrintObjectsForNat("generate objects for nat commands")); - // add( new PrintObjectsForTSrc("generate object groups and objects for TSrc")); + //add( new PrintObjectsForTSrc( + // "generate object groups and objects for TSrc")); + add( new printObjectGroups("generate code for object groups")); add( new PrintRule("generate PIX code" )); add( new storeProcessedRules ("store processed rules" )); add( new simplePrintProgress ()); diff --git a/src/cisco_lib/NATCompiler_asa8.h b/src/cisco_lib/NATCompiler_asa8.h index 52e6e931a..44be91763 100644 --- a/src/cisco_lib/NATCompiler_asa8.h +++ b/src/cisco_lib/NATCompiler_asa8.h @@ -103,7 +103,8 @@ namespace fwcompiler { friend class PrintRule; class PrintRule : public NATCompiler_pix::PrintRule { - public: + QString printSingleObject(libfwbuilder::FWObject *obj); + public: PrintRule(const std::string &n); virtual void printNONAT(libfwbuilder::NATRule *rule); diff --git a/src/cisco_lib/NATCompiler_asa8_writers.cpp b/src/cisco_lib/NATCompiler_asa8_writers.cpp index 5b889192a..b0119441e 100644 --- a/src/cisco_lib/NATCompiler_asa8_writers.cpp +++ b/src/cisco_lib/NATCompiler_asa8_writers.cpp @@ -26,6 +26,7 @@ #include "NATCompiler_asa8.h" #include "ASA8Object.h" #include "ASA8TwiceNatLogic.h" +#include "ObjectGroupsSupport.h" #include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/RuleElement.h" 
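Review bot: `printSingleObject` is declared with no comment, and because it precedes the `public:` label it lands in the class's default (private) section unless an access specifier above the hunk says otherwise; its contract — it throws for an object it cannot name — is not visible from the header. Suggest `/** Returns the ASA8 command word for obj, or the object-group name when obj is one of the groups built by CreateObjectGroups; throws FWException for anything else. */` above the declaration. The class body continues outside the hunk.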
@@ -77,20 +78,28 @@ bool NATCompiler_asa8::PrintObjectsForNat::processNext() { NATRule *rule = NATRule::cast( *k ); - Address *osrc = compiler->getFirstOSrc(rule); assert(osrc); - Address *odst = compiler->getFirstODst(rule); assert(odst); - Service *osrv = compiler->getFirstOSrv(rule); assert(osrv); - - Address *tsrc = compiler->getFirstTSrc(rule); assert(tsrc); - Address *tdst = compiler->getFirstTDst(rule); assert(tdst); - Service *tsrv = compiler->getFirstTSrv(rule); assert(tsrv); + // OSrc, ODst, OSrv and TSrc may be either a single + // address/service object or a group. We print group + // definitions in rule processor printObjectGroups - pix_comp->addASA8Object(osrc); - pix_comp->addASA8Object(odst); - pix_comp->addASA8Object(osrv); - pix_comp->addASA8Object(tsrc); + Address *osrc = compiler->getFirstOSrc(rule); + if (osrc) pix_comp->addASA8Object(osrc); + + Address *odst = compiler->getFirstODst(rule); + if (odst) pix_comp->addASA8Object(odst); + + Service *osrv = compiler->getFirstOSrv(rule); + if (osrv) pix_comp->addASA8Object(osrv); + + Address *tsrc = compiler->getFirstTSrc(rule); + if (tsrc) pix_comp->addASA8Object(tsrc); + + Address *tdst = compiler->getFirstTDst(rule); assert(tdst); pix_comp->addASA8Object(tdst); + + Service *tsrv = compiler->getFirstTSrv(rule); assert(tsrv); pix_comp->addASA8Object(tsrv); + } return true; 
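Review bot: The `assert(osrc)`, `assert(odst)` and `assert(osrv)` checks are replaced by `if (x) ...` guards, yet ConvertToAtomicForOriginal is still registered in compile(), so OSrc/ODst/OSrv should still be single objects and a NULL from getFirstOSrc/ODst/OSrv is a compiler bug that the guard now hides instead of reporting. Only TSrc is allowed to be a group after this commit (assuming getFirstTSrc returns NULL for a group, as the new comment implies), so keep the three original asserts and guard only `tsrc`: `Address *tsrc = compiler->getFirstTSrc(rule); if (tsrc) pix_comp->addASA8Object(tsrc);`. processNext() begins outside the hunk.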
@@ -178,20 +187,49 @@ void NATCompiler_asa8::PrintRule::printDNAT(libfwbuilder::NATRule *rule) printSDNAT(rule); } +QString NATCompiler_asa8::PrintRule::printSingleObject(FWObject *obj) +{ + NATCompiler_asa8 *pix_comp = dynamic_cast(compiler); + ASA8Object* asa8_object = pix_comp->getASA8Object(obj); + if (asa8_object) return asa8_object->getCommandWord(); + + for (FWObject::iterator i=CreateObjectGroups::object_groups->begin(); + i!=CreateObjectGroups::object_groups->end(); ++i) + { + BaseObjectGroup *og = dynamic_cast(*i); + assert(og!=NULL); + if (og->getId() == obj->getId()) return obj->getName().c_str(); + } + + QString err("Found unknown object '%1' in the NAT rule: it is not " + "an ASA8 object nor object group"); + throw FWException(err.arg(obj->getName().c_str()).toStdString()); +} + void NATCompiler_asa8::PrintRule::printSDNAT(NATRule *rule) { NATCompiler_asa8 *pix_comp = dynamic_cast(compiler); - // NATCmd *natcmd = pix_comp->nat_commands[ rule->getInt("nat_cmd") ]; FWOptions *ropt = rule->getOptionsObject(); QStringList cmd; - Address *osrc = compiler->getFirstOSrc(rule); assert(osrc); - Address *odst = compiler->getFirstODst(rule); assert(odst); - Service *osrv = compiler->getFirstOSrv(rule); assert(osrv); - - Address *tsrc = compiler->getFirstTSrc(rule); assert(tsrc); + RuleElementOSrc *osrc_re = rule->getOSrc(); + assert(osrc_re!=NULL); + FWObject *osrc = FWReference::getObject(osrc_re->front()); + + RuleElementODst *odst_re = rule->getODst(); + assert(odst_re!=NULL); + FWObject *odst = FWReference::getObject(odst_re->front()); + + RuleElementOSrv *osrv_re = rule->getOSrv(); + assert(osrv_re!=NULL); + FWObject *osrv = FWReference::getObject(osrv_re->front()); + + RuleElementTSrc *tsrc_re = rule->getTSrc(); + assert(tsrc_re!=NULL); + FWObject *tsrc = FWReference::getObject(tsrc_re->front()); + Address *tdst = compiler->getFirstTDst(rule); assert(tdst); Service *tsrv = compiler->getFirstTSrv(rule); assert(tsrv); 
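Review bot: In printSDNAT the four `FWObject *... = FWReference::getObject(..._re->front());` lines drop the `assert(osrc)`/`assert(odst)`/`assert(osrv)`/`assert(tsrc)` checks the removed code had, so a NULL (dangling reference) now reaches `printSingleObject`, which dereferences `obj` for getId()/getName(); add `assert(osrc!=NULL);` (and the same for odst, osrv, tsrc) directly after each getObject call, and note that `front()` on an empty rule element is undefined behaviour, which the old getFirst* helpers may have guarded against. In printSingleObject, `assert(og!=NULL)` after the dynamic_cast compiles away under NDEBUG and leaves a NULL dereference on `og->getId()`; `if (og == NULL) continue;` is the safer form. The exception text would read better as "neither an ASA8 object nor an object group". printSingleObject is complete within the hunk; printSDNAT continues past it.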
@@ -216,33 +254,34 @@ void NATCompiler_asa8::PrintRule::printSDNAT(NATRule *rule) break; } - cmd << pix_comp->getASA8Object(osrc)->getCommandWord(); - if (tsrc->isAny()) - cmd << pix_comp->getASA8Object(osrc)->getCommandWord(); + cmd << printSingleObject(osrc); + + if (tsrc_re->isAny()) + cmd << printSingleObject(osrc); else - cmd << pix_comp->getASA8Object(tsrc)->getCommandWord(); + cmd << printSingleObject(tsrc); // only need "destination" part if ODst is not any - if (!odst->isAny()) + if (!odst_re->isAny()) { // ASA documentation says destination translation is always "static" cmd << "destination" << "static"; - cmd << pix_comp->getASA8Object(odst)->getCommandWord(); + cmd << printSingleObject(odst); if (tdst->isAny()) - cmd << pix_comp->getASA8Object(odst)->getCommandWord(); + cmd << printSingleObject(odst); else - cmd << pix_comp->getASA8Object(tdst)->getCommandWord(); + cmd << printSingleObject(tdst); } - if (!osrv->isAny()) + if (!osrv_re->isAny()) { cmd << "service"; - cmd << pix_comp->getASA8Object(osrv)->getCommandWord(); + cmd << printSingleObject(osrv); if (tsrv->isAny()) - cmd << pix_comp->getASA8Object(osrv)->getCommandWord(); + cmd << printSingleObject(osrv); else - cmd << pix_comp->getASA8Object(tsrv)->getCommandWord(); + cmd << printSingleObject(tsrv); } if (ropt->getBool("asa8_nat_dns")) cmd << "dns"; diff --git a/src/cisco_lib/NATCompiler_pix.cpp b/src/cisco_lib/NATCompiler_pix.cpp index 74b4b8c22..a62939eed 100644 --- a/src/cisco_lib/NATCompiler_pix.cpp +++ b/src/cisco_lib/NATCompiler_pix.cpp 
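Review bot: The rewritten checks are inconsistent: `tsrc_re->isAny()`, `odst_re->isAny()` and `osrv_re->isAny()` now ask the rule element, while `tdst->isAny()` and `tsrv->isAny()` still ask the Address/Service object obtained from getFirstTDst/getFirstTSrv. That works today because TDst and TSrv are still made atomic in compile(), but the mixed style hides that dependency; either use `rule->getTDst()->isAny()` / `rule->getTSrv()->isAny()` so all six checks have the same form, or add a comment on the `tdst` check saying why the object form is still valid there. printSDNAT begins before the hunk and continues after it.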
@@ -489,8 +489,11 @@ bool NATCompiler_pix::AssignInterface::processNext() assert(a1!=NULL && a2!=NULL); - rule->setInt("nat_iface_orig", helper.findInterfaceByNetzone(a1)); - rule->setInt("nat_iface_trn", helper.findInterfaceByNetzone(a2)); + int org_intf_id = helper.findInterfaceByNetzone(a1); + int trn_intf_id = helper.findInterfaceByNetzone(a2); + rule->setInt("nat_iface_orig", org_intf_id); + rule->setInt("nat_iface_trn", trn_intf_id); + rule->setInterfaceId(trn_intf_id); if ( rule->getInt("nat_iface_orig")==-1 ) { diff --git a/src/cisco_lib/ObjectGroupsSupport.h b/src/cisco_lib/ObjectGroupsSupport.h index 8b08c4ac2..921463c4f 100644 --- a/src/cisco_lib/ObjectGroupsSupport.h +++ b/src/cisco_lib/ObjectGroupsSupport.h 
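Review bot: `rule->setInterfaceId(trn_intf_id)` is stored before the `== -1` validation that follows, so when findInterfaceByNetzone fails the rule already carries -1 as its interface id at the point the error is raised; unless that path aborts compilation (not visible here), move the call after the checks or guard it with `if (trn_intf_id != -1) rule->setInterfaceId(trn_intf_id);`. With the results now in locals, the check can also read `if (org_intf_id == -1)` instead of re-reading the option just written. processNext() starts before the hunk and continues after it.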
@@ -62,24 +62,31 @@ public: class CreateObjectGroupsForSrc : public CreateObjectGroups { public: - CreateObjectGroupsForSrc(const std::string &n): - CreateObjectGroups(n,"src",libfwbuilder::RuleElementSrc::TYPENAME) {} + CreateObjectGroupsForSrc(const std::string &n) : + CreateObjectGroups(n,"src",libfwbuilder::RuleElementSrc::TYPENAME) {} }; class CreateObjectGroupsForDst : public CreateObjectGroups { public: - CreateObjectGroupsForDst(const std::string &n): - CreateObjectGroups(n,"dst",libfwbuilder::RuleElementDst::TYPENAME) {} + CreateObjectGroupsForDst(const std::string &n) : + CreateObjectGroups(n,"dst",libfwbuilder::RuleElementDst::TYPENAME) {} }; class CreateObjectGroupsForSrv : public CreateObjectGroups { public: - CreateObjectGroupsForSrv(const std::string &n): - CreateObjectGroups(n,"srv",libfwbuilder::RuleElementSrv::TYPENAME) {} + CreateObjectGroupsForSrv(const std::string &n) : + CreateObjectGroups(n,"srv",libfwbuilder::RuleElementSrv::TYPENAME) {} }; + class CreateObjectGroupsForTSrc : public CreateObjectGroups + { +public: + CreateObjectGroupsForTSrc(const std::string &n) : + CreateObjectGroups(n,"tsrc",libfwbuilder::RuleElementTSrc::TYPENAME) {} + }; + /** * this processor accumulates all rules fed to it by previous * processors, then prints all object groups and feeds all diff --git a/test/pix/cluster1-1_pix1.fw.orig b/test/pix/cluster1-1_pix1.fw.orig index 8cd33fee1..30df03268 100755 --- a/test/pix/cluster1-1_pix1.fw.orig +++ b/test/pix/cluster1-1_pix1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:34 2011 PST by vadim +! Generated Wed Jan 12 17:40:37 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported 
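Review bot: The new `CreateObjectGroupsForTSrc` copies the Src/Dst/Srv pattern but, like them, carries no comment, and it is the one whose presence in the NAT pipeline is new; suggest `// object group for a multi-object Translated Source in NAT rules (#1907)` above it. Presumably the `"tsrc"` string becomes part of the generated group name the way `src`/`dst`/`srv` appear in the test fixtures on this page — worth confirming it cannot collide with the policy-compiler groups. The three whitespace-only realignments of the existing constructors in the same hunk make the functional addition harder to spot.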
@@ -148,10 +148,10 @@ object-group network inside.id56627X61097.src.net.0 ! ! Rule 0 (Ethernet0.101) ! anti spoofing rule -access-list outside_in deny ip object-group outside.id56590X61097.src.net.0 any log 2 interval 300 -access-list outside_in deny ip object-group outside.id56590X61097.src.net.1 any log 2 interval 300 -access-list outside_in deny ip object-group outside.id56590X61097.src.net.2 any log 2 interval 300 -access-list outside_in deny ip 10.3.14.0 255.255.255.0 any log 2 interval 300 +access-list outside_in deny ip object-group outside.id56590X61097.src.net.0 any log 2 interval 300 +access-list outside_in deny ip object-group outside.id56590X61097.src.net.1 any log 2 interval 300 +access-list outside_in deny ip object-group outside.id56590X61097.src.net.2 any log 2 interval 300 +access-list outside_in deny ip 10.3.14.0 255.255.255.0 any log 2 interval 300 ! ! Rule 1 (global) ! SSH Access to firewall is permitted 
@@ -164,31 +164,31 @@ ssh 10.3.14.0 255.255.255.0 inside ! Rule 3 (global) ! Firewall uses one of the machines ! on internal network for DNS -access-list inside_out permit udp host 10.3.14.206 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 -access-list inside_out permit udp object-group inside.id56627X61097.src.net.0 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 -access-list inside_out permit udp host 10.0.0.253 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp host 10.3.14.206 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp object-group inside.id56627X61097.src.net.0 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp host 10.0.0.253 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 ! ! Rule 4 (global) ! Firewall uses one of the machines ! on internal network for DNS -access-list inside_out permit udp object-group outside.id56590X61097.src.net.0 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 -access-list inside_out permit udp object-group outside.id56590X61097.src.net.1 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 -access-list inside_out permit udp object-group outside.id56590X61097.src.net.2 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp object-group outside.id56590X61097.src.net.0 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp object-group outside.id56590X61097.src.net.1 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp object-group outside.id56590X61097.src.net.2 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 ! ! Rule 5 (global) ! All other attempts to connect to ! 
the firewall are denied and logged -access-list inside_in deny ip any object-group outside.id56590X61097.src.net.0 log 2 interval 300 -access-list inside_in deny ip any object-group outside.id56590X61097.src.net.1 log 2 interval 300 -access-list inside_in deny ip any object-group outside.id56590X61097.src.net.2 log 2 interval 300 +access-list inside_in deny ip any object-group outside.id56590X61097.src.net.0 log 2 interval 300 +access-list inside_in deny ip any object-group outside.id56590X61097.src.net.1 log 2 interval 300 +access-list inside_in deny ip any object-group outside.id56590X61097.src.net.2 log 2 interval 300 ! ! Rule 6 (global) access-list inside_in permit ip 10.3.14.0 255.255.255.0 any access-list inside_out permit ip 10.3.14.0 255.255.255.0 any ! ! Rule 7 (global) -access-list inside_in deny ip any any log 2 interval 300 -access-list inside_out deny ip any any log 2 interval 300 +access-list inside_in deny ip any any log 2 interval 300 +access-list inside_out deny ip any any log 2 interval 300 access-group inside_in in interface inside diff --git a/test/pix/cluster1-1_pix2.fw.orig b/test/pix/cluster1-1_pix2.fw.orig index dce3cf5e7..09a7a9eec 100755 --- a/test/pix/cluster1-1_pix2.fw.orig +++ b/test/pix/cluster1-1_pix2.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:35 2011 PST by vadim +! Generated Wed Jan 12 17:40:38 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported 
@@ -148,10 +148,10 @@ object-group network inside.id56627X61097.src.net.1 ! ! Rule 0 (Ethernet0.101) ! anti spoofing rule -access-list outside_in deny ip object-group outside.id56590X61097.src.net.3 any log 3 interval 300 -access-list outside_in deny ip object-group outside.id56590X61097.src.net.4 any log 3 interval 300 -access-list outside_in deny ip object-group outside.id56590X61097.src.net.5 any log 3 interval 300 -access-list outside_in deny ip 10.3.14.0 255.255.255.0 any log 3 interval 300 +access-list outside_in deny ip object-group outside.id56590X61097.src.net.3 any log 3 interval 300 +access-list outside_in deny ip object-group outside.id56590X61097.src.net.4 any log 3 interval 300 +access-list outside_in deny ip object-group outside.id56590X61097.src.net.5 any log 3 interval 300 +access-list outside_in deny ip 10.3.14.0 255.255.255.0 any log 3 interval 300 ! ! Rule 1 (global) ! SSH Access to firewall is permitted 
@@ -164,31 +164,31 @@ ssh 10.3.14.0 255.255.255.0 inside ! Rule 3 (global) ! Firewall uses one of the machines ! on internal network for DNS -access-list inside_out permit udp host 10.3.14.206 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 -access-list inside_out permit udp object-group inside.id56627X61097.src.net.1 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 -access-list inside_out permit udp host 10.0.0.253 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp host 10.3.14.206 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp object-group inside.id56627X61097.src.net.1 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp host 10.0.0.253 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 ! ! Rule 4 (global) ! Firewall uses one of the machines ! on internal network for DNS -access-list inside_out permit udp object-group outside.id56590X61097.src.net.3 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 -access-list inside_out permit udp object-group outside.id56590X61097.src.net.4 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 -access-list inside_out permit udp object-group outside.id56590X61097.src.net.5 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp object-group outside.id56590X61097.src.net.3 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp object-group outside.id56590X61097.src.net.4 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp object-group outside.id56590X61097.src.net.5 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 ! ! Rule 5 (global) ! All other attempts to connect to ! 
the firewall are denied and logged -access-list inside_in deny ip any object-group outside.id56590X61097.src.net.3 log 3 interval 300 -access-list inside_in deny ip any object-group outside.id56590X61097.src.net.4 log 3 interval 300 -access-list inside_in deny ip any object-group outside.id56590X61097.src.net.5 log 3 interval 300 +access-list inside_in deny ip any object-group outside.id56590X61097.src.net.3 log 3 interval 300 +access-list inside_in deny ip any object-group outside.id56590X61097.src.net.4 log 3 interval 300 +access-list inside_in deny ip any object-group outside.id56590X61097.src.net.5 log 3 interval 300 ! ! Rule 6 (global) access-list inside_in permit ip 10.3.14.0 255.255.255.0 any access-list inside_out permit ip 10.3.14.0 255.255.255.0 any ! ! Rule 7 (global) -access-list inside_in deny ip any any log 3 interval 300 -access-list inside_out deny ip any any log 3 interval 300 +access-list inside_in deny ip any any log 3 interval 300 +access-list inside_out deny ip any any log 3 interval 300 access-group inside_in in interface inside diff --git a/test/pix/cluster1_pix1.fw.orig b/test/pix/cluster1_pix1.fw.orig index 73c959f69..7bcb0cb37 100755 --- a/test/pix/cluster1_pix1.fw.orig +++ b/test/pix/cluster1_pix1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:34 2011 PST by vadim +! Generated Wed Jan 12 17:40:37 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported 
@@ -148,10 +148,10 @@ object-group network inside.id55439X897.src.net.0 ! ! Rule 0 (Ethernet0.101) ! anti spoofing rule -access-list outside_in deny ip object-group outside.id2913X78273.src.net.0 any log 2 interval 300 -access-list outside_in deny ip object-group outside.id2913X78273.src.net.1 any log 2 interval 300 -access-list outside_in deny ip object-group outside.id2913X78273.src.net.2 any log 2 interval 300 -access-list outside_in deny ip 10.3.14.0 255.255.255.0 any log 2 interval 300 +access-list outside_in deny ip object-group outside.id2913X78273.src.net.0 any log 2 interval 300 +access-list outside_in deny ip object-group outside.id2913X78273.src.net.1 any log 2 interval 300 +access-list outside_in deny ip object-group outside.id2913X78273.src.net.2 any log 2 interval 300 +access-list outside_in deny ip 10.3.14.0 255.255.255.0 any log 2 interval 300 ! ! Rule 1 (global) ! SSH Access to firewall is permitted 
@@ -164,16 +164,16 @@ ssh 10.3.14.0 255.255.255.0 inside ! Rule 3 (global) ! Firewall uses one of the machines ! on internal network for DNS -access-list inside_out permit udp host 10.3.14.206 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 -access-list inside_out permit udp object-group inside.id55439X897.src.net.0 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 -access-list inside_out permit udp host 10.0.0.253 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp host 10.3.14.206 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp object-group inside.id55439X897.src.net.0 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp host 10.0.0.253 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 ! ! Rule 4 (global) ! Firewall uses one of the machines ! on internal network for DNS -access-list inside_out permit udp object-group outside.id2913X78273.src.net.0 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 -access-list inside_out permit udp object-group outside.id2913X78273.src.net.1 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 -access-list inside_out permit udp object-group outside.id2913X78273.src.net.2 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp object-group outside.id2913X78273.src.net.0 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp object-group outside.id2913X78273.src.net.1 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 +access-list inside_out permit udp object-group outside.id2913X78273.src.net.2 10.3.14.0 255.255.255.0 eq 53 log 2 interval 300 ! ! Rule 5 (Ethernet0.101,Ethernet0.102) ssh 0.0.0.0 0.0.0.0 outside 
@@ -218,17 +218,17 @@ access-list dmz20_out permit udp any 10.3.14.0 255.255.255.0 eq 53 ! Rule 9 (global) ! All other attempts to connect to ! the firewall are denied and logged -access-list inside_in deny ip any object-group outside.id2913X78273.src.net.0 log 2 interval 300 -access-list inside_in deny ip any object-group outside.id2913X78273.src.net.1 log 2 interval 300 -access-list inside_in deny ip any object-group outside.id2913X78273.src.net.2 log 2 interval 300 +access-list inside_in deny ip any object-group outside.id2913X78273.src.net.0 log 2 interval 300 +access-list inside_in deny ip any object-group outside.id2913X78273.src.net.1 log 2 interval 300 +access-list inside_in deny ip any object-group outside.id2913X78273.src.net.2 log 2 interval 300 ! ! Rule 10 (global) access-list inside_in permit ip 10.3.14.0 255.255.255.0 any access-list inside_out permit ip 10.3.14.0 255.255.255.0 any ! ! Rule 11 (global) -access-list inside_in deny ip any any log 2 interval 300 -access-list inside_out deny ip any any log 2 interval 300 +access-list inside_in deny ip any any log 2 interval 300 +access-list inside_out deny ip any any log 2 interval 300 access-group dmz20_in in interface dmz20 diff --git a/test/pix/cluster1_pix2.fw.orig b/test/pix/cluster1_pix2.fw.orig index 4d35a2842..f1e293a15 100755 --- a/test/pix/cluster1_pix2.fw.orig +++ b/test/pix/cluster1_pix2.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:34 2011 PST by vadim +! Generated Wed Jan 12 17:40:37 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported 
@@ -154,10 +154,10 @@ object-group network outside.id3401X82678.dst.net.0 ! ! Rule 0 (Ethernet0.101) ! anti spoofing rule -access-list outside_in deny ip object-group outside.id2913X78273.src.net.3 any log 3 interval 300 -access-list outside_in deny ip object-group outside.id2913X78273.src.net.4 any log 3 interval 300 -access-list outside_in deny ip object-group outside.id2913X78273.src.net.5 any log 3 interval 300 -access-list outside_in deny ip 10.3.14.0 255.255.255.0 any log 3 interval 300 +access-list outside_in deny ip object-group outside.id2913X78273.src.net.3 any log 3 interval 300 +access-list outside_in deny ip object-group outside.id2913X78273.src.net.4 any log 3 interval 300 +access-list outside_in deny ip object-group outside.id2913X78273.src.net.5 any log 3 interval 300 +access-list outside_in deny ip 10.3.14.0 255.255.255.0 any log 3 interval 300 ! ! Rule 1 (global) ! SSH Access to firewall is permitted 
@@ -170,16 +170,16 @@ ssh 10.3.14.0 255.255.255.0 inside ! Rule 3 (global) ! Firewall uses one of the machines ! on internal network for DNS -access-list inside_out permit udp host 10.3.14.206 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 -access-list inside_out permit udp object-group inside.id55439X897.src.net.1 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 -access-list inside_out permit udp host 10.0.0.253 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp host 10.3.14.206 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp object-group inside.id55439X897.src.net.1 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp host 10.0.0.253 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 ! ! Rule 4 (global) ! Firewall uses one of the machines ! on internal network for DNS -access-list inside_out permit udp object-group outside.id2913X78273.src.net.3 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 -access-list inside_out permit udp object-group outside.id2913X78273.src.net.4 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 -access-list inside_out permit udp object-group outside.id2913X78273.src.net.5 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp object-group outside.id2913X78273.src.net.3 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp object-group outside.id2913X78273.src.net.4 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 +access-list inside_out permit udp object-group outside.id2913X78273.src.net.5 10.3.14.0 255.255.255.0 eq 53 log 3 interval 300 ! ! Rule 5 (Ethernet0.101,Ethernet0.102) ssh 0.0.0.0 0.0.0.0 outside 
@@ -224,17 +224,17 @@ access-list dmz20_out permit udp any 10.3.14.0 255.255.255.0 eq 53 ! Rule 9 (global) ! All other attempts to connect to ! the firewall are denied and logged -access-list inside_in deny ip any object-group outside.id2913X78273.src.net.3 log 3 interval 300 -access-list inside_in deny ip any object-group outside.id2913X78273.src.net.4 log 3 interval 300 -access-list inside_in deny ip any object-group outside.id2913X78273.src.net.5 log 3 interval 300 +access-list inside_in deny ip any object-group outside.id2913X78273.src.net.3 log 3 interval 300 +access-list inside_in deny ip any object-group outside.id2913X78273.src.net.4 log 3 interval 300 +access-list inside_in deny ip any object-group outside.id2913X78273.src.net.5 log 3 interval 300 ! ! Rule 10 (global) access-list inside_in permit ip 10.3.14.0 255.255.255.0 any access-list inside_out permit ip 10.3.14.0 255.255.255.0 any ! ! Rule 11 (global) -access-list inside_in deny ip any any log 3 interval 300 -access-list inside_out deny ip any any log 3 interval 300 +access-list inside_in deny ip any any log 3 interval 300 +access-list inside_out deny ip any any log 3 interval 300 access-group dmz20_in in interface dmz20 diff --git a/test/pix/firewall.fw.orig b/test/pix/firewall.fw.orig index dc348c6a4..42c543169 100755 --- a/test/pix/firewall.fw.orig +++ b/test/pix/firewall.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:00 2011 PST by vadim +! Generated Wed Jan 12 17:40:04 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall1.fw.orig b/test/pix/firewall1.fw.orig index f8fad1326..7ac93db16 100755 --- a/test/pix/firewall1.fw.orig +++ b/test/pix/firewall1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:01 2011 PST by vadim +! Generated Wed Jan 12 17:40:05 2011 PST by vadim ! ! Compiled for pix 6.1 ! Outbound ACLs: not supported 
diff --git a/test/pix/firewall10.fw.orig b/test/pix/firewall10.fw.orig index 7697d77af..3f48f44d3 100755 --- a/test/pix/firewall10.fw.orig +++ b/test/pix/firewall10.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:02 2011 PST by vadim +! Generated Wed Jan 12 17:40:06 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -238,7 +238,7 @@ object-group service outside.id3DB0FA12.srv.tcp.0 tcp ! ! Rule 3 (ethernet1) ! anti-spoofing rule -access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any +access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any log 6 interval 300 ! ! Rule 5 (ethernet0) access-list inside_acl_in permit tcp any object-group inside.id3DB0FA90.dst.net.0 object-group inside.id3DB0FA90.srv.tcp.0 
@@ -266,20 +266,20 @@ access-list dmz_acl_in permit 47 any host 192.168.1.10 ! ! Rule 9 (global) icmp permit any 3 outside -access-list outside_acl_in permit icmp any host 22.22.22.22 3 +access-list outside_acl_in permit icmp any host 22.22.22.22 3 log 6 interval 300 icmp permit any 3 inside -access-list inside_acl_in permit icmp any host 192.168.1.1 3 +access-list inside_acl_in permit icmp any host 192.168.1.1 3 log 6 interval 300 icmp permit any 3 dmz -access-list dmz_acl_in permit icmp any host 192.168.2.1 3 -access-list outside_acl_in permit icmp any any 3 -access-list inside_acl_in permit icmp any any 3 -access-list dmz_acl_in permit icmp any any 3 -access-list outside_acl_in permit 47 any any -access-list inside_acl_in permit 47 any any -access-list dmz_acl_in permit 47 any any -access-list outside_acl_in permit 50 any any -access-list inside_acl_in permit 50 any any -access-list dmz_acl_in permit 50 any any +access-list dmz_acl_in permit icmp any host 192.168.2.1 3 log 6 interval 300 +access-list outside_acl_in permit icmp any any 3 log 6 interval 300 +access-list inside_acl_in permit icmp any any 3 log 6 interval 300 +access-list dmz_acl_in permit icmp any any 3 log 6 interval 300 +access-list outside_acl_in permit 47 any any log 6 interval 300 +access-list inside_acl_in permit 47 any any log 6 interval 300 +access-list dmz_acl_in permit 47 any any log 6 interval 300 +access-list outside_acl_in permit 50 any any log 6 interval 300 +access-list inside_acl_in permit 50 any any log 6 interval 300 +access-list dmz_acl_in permit 50 any any log 6 interval 300 ! ! Rule 11 (global) access-list outside_acl_in permit ip object-group inside.id3DB0FA90.dst.net.0 object-group outside.id3DB0F9E6.dst.net.0 
@@ -321,9 +321,9 @@ access-list inside_acl_in permit icmp any host 192.168.1.1 3 access-list dmz_acl_in permit icmp any host 192.168.2.1 3 ! ! Rule 20 (global) -access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 -access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 -access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 +access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 6 interval 300 +access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 log 6 interval 300 +access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 log 6 interval 300 ! ! Rule 21 (global) access-list outside_acl_in permit ip host 22.22.22.22 any @@ -332,9 +332,9 @@ access-list dmz_acl_in permit ip host 192.168.2.1 any access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any ! ! Rule 22 (global) -access-list outside_acl_in deny ip any any -access-list inside_acl_in deny ip any any -access-list dmz_acl_in deny ip any any +access-list outside_acl_in deny ip any any log 6 interval 300 +access-list inside_acl_in deny ip any any log 6 interval 300 +access-list dmz_acl_in deny ip any any log 6 interval 300 access-group dmz_acl_in in interface dmz diff --git a/test/pix/firewall11.fw.orig b/test/pix/firewall11.fw.orig index 113599e56..8a8b6c02a 100755 --- a/test/pix/firewall11.fw.orig +++ b/test/pix/firewall11.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:03 2011 PST by vadim +! Generated Wed Jan 12 17:40:07 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall12.fw.orig b/test/pix/firewall12.fw.orig index 6e52830e4..55bdfd546 100755 --- a/test/pix/firewall12.fw.orig +++ b/test/pix/firewall12.fw.orig 
@@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:04 2011 PST by vadim +! Generated Wed Jan 12 17:40:08 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -146,11 +146,11 @@ access-list dmz50_acl_in permit tcp any host 192.0.2.1 eq 80 ! ! Rule 6 (global) access-list outside_acl_in remark 6 (global) -access-list outside_acl_in deny ip any any log 5 interval 120 +access-list outside_acl_in deny ip any any log 5 interval 120 access-list inside_acl_in remark 6 (global) -access-list inside_acl_in deny ip any any log 5 interval 120 +access-list inside_acl_in deny ip any any log 5 interval 120 access-list dmz50_acl_in remark 6 (global) -access-list dmz50_acl_in deny ip any any log 5 interval 120 +access-list dmz50_acl_in deny ip any any log 5 interval 120 access-group dmz50_acl_in in interface dmz50 diff --git a/test/pix/firewall13.fw.orig b/test/pix/firewall13.fw.orig index d7624e8b6..30e546dc3 100755 --- a/test/pix/firewall13.fw.orig +++ b/test/pix/firewall13.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:05 2011 PST by vadim +! Generated Wed Jan 12 17:40:09 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall14.fw.orig b/test/pix/firewall14.fw.orig index 71ac7d692..076e174c7 100755 --- a/test/pix/firewall14.fw.orig +++ b/test/pix/firewall14.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:06 2011 PST by vadim +! Generated Wed Jan 12 17:40:10 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported diff --git a/test/pix/firewall2.fw.orig b/test/pix/firewall2.fw.orig index 6a0f2bda2..ef2e76041 100755 --- a/test/pix/firewall2.fw.orig +++ b/test/pix/firewall2.fw.orig 
@@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:07 2011 PST by vadim +! Generated Wed Jan 12 17:40:11 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -82,14 +82,14 @@ object-group network inside.id3D8FCCDE.src.net.0 ! ! Rule 0 (eth1) ! Anti-spoofing rule -access-list outside_acl_in deny ip host 192.168.1.1 any -access-list outside_acl_in deny ip host 22.22.22.22 any -access-list outside_acl_in deny ip host 192.168.2.1 any -access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any +access-list outside_acl_in deny ip host 192.168.1.1 any log 6 interval 300 +access-list outside_acl_in deny ip host 22.22.22.22 any log 6 interval 300 +access-list outside_acl_in deny ip host 192.168.2.1 any log 6 interval 300 +access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any log 6 interval 300 ! ! Rule 1 (eth1) ! Anti-spoofing rule -access-list inside_acl_in deny ip 192.168.1.0 255.255.255.0 any +access-list inside_acl_in deny ip 192.168.1.0 255.255.255.0 any log 6 interval 300 ! ! Rule 2 (global) access-list inside_acl_in permit tcp any host 192.168.1.10 object-group inside.id3D6EF08C.srv.tcp.0 diff --git a/test/pix/firewall20.fw.orig b/test/pix/firewall20.fw.orig index d69aaccbd..2b1aa3f69 100755 --- a/test/pix/firewall20.fw.orig +++ b/test/pix/firewall20.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:08 2011 PST by vadim +! Generated Wed Jan 12 17:40:12 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported 
@@ -105,14 +105,14 @@ access-list inside_acl_in permit ip host 192.168.2.23 host 192.168.1.10 access-list dmz_acl_in permit ip host 192.168.2.23 host 192.168.1.10 ! ! Rule 6 (eth0,eth1) -access-list outside_acl_in deny ip host 10.5.70.20 any log 0 interval 300 -access-list outside_acl_in deny ip host 192.168.2.20 any log 0 interval 300 -access-list outside_acl_in deny ip host 192.168.1.20 any log 0 interval 300 -access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 -access-list dmz_acl_in deny ip host 10.5.70.20 any log 0 interval 300 -access-list dmz_acl_in deny ip host 192.168.2.20 any log 0 interval 300 -access-list dmz_acl_in deny ip host 192.168.1.20 any log 0 interval 300 -access-list dmz_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list outside_acl_in deny ip host 10.5.70.20 any log 0 interval 300 +access-list outside_acl_in deny ip host 192.168.2.20 any log 0 interval 300 +access-list outside_acl_in deny ip host 192.168.1.20 any log 0 interval 300 +access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list dmz_acl_in deny ip host 10.5.70.20 any log 0 interval 300 +access-list dmz_acl_in deny ip host 192.168.2.20 any log 0 interval 300 +access-list dmz_acl_in deny ip host 192.168.1.20 any log 0 interval 300 +access-list dmz_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 ! ! Rule 7 (eth0,eth1) access-list dmz_acl_in permit ip 192.168.2.0 255.255.255.0 any diff --git a/test/pix/firewall21-1.fw.orig b/test/pix/firewall21-1.fw.orig index da41345d2..7bd9565f0 100755 --- a/test/pix/firewall21-1.fw.orig +++ b/test/pix/firewall21-1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:10 2011 PST by vadim +! Generated Wed Jan 12 17:40:14 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported 
@@ -152,14 +152,14 @@ access-list inside_acl_in permit ip host 192.168.2.23 host 192.168.1.10 access-list dmz_acl_in permit ip host 192.168.2.23 host 192.168.1.10 ! ! Rule 19 (eth0,eth1) -access-list outside_acl_in deny ip host 10.5.70.20 any log 0 interval 300 -access-list outside_acl_in deny ip host 192.168.2.20 any log 0 interval 300 -access-list outside_acl_in deny ip host 192.168.1.20 any log 0 interval 300 -access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 -access-list dmz_acl_in deny ip host 10.5.70.20 any log 0 interval 300 -access-list dmz_acl_in deny ip host 192.168.2.20 any log 0 interval 300 -access-list dmz_acl_in deny ip host 192.168.1.20 any log 0 interval 300 -access-list dmz_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list outside_acl_in deny ip host 10.5.70.20 any log 0 interval 300 +access-list outside_acl_in deny ip host 192.168.2.20 any log 0 interval 300 +access-list outside_acl_in deny ip host 192.168.1.20 any log 0 interval 300 +access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list dmz_acl_in deny ip host 10.5.70.20 any log 0 interval 300 +access-list dmz_acl_in deny ip host 192.168.2.20 any log 0 interval 300 +access-list dmz_acl_in deny ip host 192.168.1.20 any log 0 interval 300 +access-list dmz_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 ! ! Rule 20 (eth0,eth1) access-list dmz_acl_in permit ip 192.168.2.0 255.255.255.0 any diff --git a/test/pix/firewall21.fw.orig b/test/pix/firewall21.fw.orig index 2fd382287..f093072f2 100755 --- a/test/pix/firewall21.fw.orig +++ b/test/pix/firewall21.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:09 2011 PST by vadim +! Generated Wed Jan 12 17:40:13 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported 
@@ -167,14 +167,14 @@ access-list inside_acl_in permit ip host 192.168.2.23 host 192.168.1.10 access-list dmz_acl_in permit ip host 192.168.2.23 host 192.168.1.10 ! ! Rule 19 (eth0,eth1) -access-list outside_acl_in deny ip host 10.5.70.20 any log 0 interval 300 -access-list outside_acl_in deny ip host 192.168.2.20 any log 0 interval 300 -access-list outside_acl_in deny ip host 192.168.1.20 any log 0 interval 300 -access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 -access-list dmz_acl_in deny ip host 10.5.70.20 any log 0 interval 300 -access-list dmz_acl_in deny ip host 192.168.2.20 any log 0 interval 300 -access-list dmz_acl_in deny ip host 192.168.1.20 any log 0 interval 300 -access-list dmz_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list outside_acl_in deny ip host 10.5.70.20 any log 0 interval 300 +access-list outside_acl_in deny ip host 192.168.2.20 any log 0 interval 300 +access-list outside_acl_in deny ip host 192.168.1.20 any log 0 interval 300 +access-list outside_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list dmz_acl_in deny ip host 10.5.70.20 any log 0 interval 300 +access-list dmz_acl_in deny ip host 192.168.2.20 any log 0 interval 300 +access-list dmz_acl_in deny ip host 192.168.1.20 any log 0 interval 300 +access-list dmz_acl_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 ! ! Rule 20 (eth0,eth1) access-list dmz_acl_in permit ip 192.168.2.0 255.255.255.0 any diff --git a/test/pix/firewall22.fw.orig b/test/pix/firewall22.fw.orig index cb8825bf5..6847c37b9 100755 --- a/test/pix/firewall22.fw.orig +++ b/test/pix/firewall22.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:11 2011 PST by vadim +! Generated Wed Jan 12 17:40:15 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported 
@@ -191,14 +191,14 @@ access-list inside_in permit ip host 192.168.2.23 host 192.168.1.10 access-list inside_out permit ip host 192.168.2.23 host 192.168.1.10 ! ! Rule 19 (eth0,eth1) -access-list outside_in deny ip host 10.5.70.20 any log 0 interval 300 -access-list outside_in deny ip host 192.168.2.20 any log 0 interval 300 -access-list outside_in deny ip host 192.168.1.20 any log 0 interval 300 -access-list outside_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 -access-list dmz_in deny ip host 10.5.70.20 any log 0 interval 300 -access-list dmz_in deny ip host 192.168.2.20 any log 0 interval 300 -access-list dmz_in deny ip host 192.168.1.20 any log 0 interval 300 -access-list dmz_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list outside_in deny ip host 10.5.70.20 any log 0 interval 300 +access-list outside_in deny ip host 192.168.2.20 any log 0 interval 300 +access-list outside_in deny ip host 192.168.1.20 any log 0 interval 300 +access-list outside_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list dmz_in deny ip host 10.5.70.20 any log 0 interval 300 +access-list dmz_in deny ip host 192.168.2.20 any log 0 interval 300 +access-list dmz_in deny ip host 192.168.1.20 any log 0 interval 300 +access-list dmz_in deny ip 192.168.1.0 255.255.255.0 any log 0 interval 300 ! ! Rule 20 (eth0,eth1) access-list outside_out permit ip host 10.5.70.20 any diff --git a/test/pix/firewall3.fw.orig b/test/pix/firewall3.fw.orig index 4262d5f2d..ebace3173 100755 --- a/test/pix/firewall3.fw.orig +++ b/test/pix/firewall3.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:12 2011 PST by vadim +! Generated Wed Jan 12 17:40:16 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall33.fw.orig b/test/pix/firewall33.fw.orig index 70f97832f..493d67f73 100755 --- a/test/pix/firewall33.fw.orig +++ b/test/pix/firewall33.fw.orig 
@@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:13 2011 PST by vadim +! Generated Wed Jan 12 17:40:17 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported @@ -117,8 +117,8 @@ access-list outside_acl_in permit ip any object-group outside.id438728A918346.ds access-list inside_acl_in permit ip any object-group outside.id438728A918346.dst.net.0 ! ! Rule 11 (global) -access-list outside_acl_in deny ip any any -access-list inside_acl_in deny ip any any +access-list outside_acl_in deny ip any any log 6 interval 300 +access-list inside_acl_in deny ip any any log 6 interval 300 access-group inside_acl_in in interface inside diff --git a/test/pix/firewall34.fw.orig b/test/pix/firewall34.fw.orig index d66eb157c..35035b3dd 100755 --- a/test/pix/firewall34.fw.orig +++ b/test/pix/firewall34.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:14 2011 PST by vadim +! Generated Wed Jan 12 17:40:18 2011 PST by vadim ! ! Compiled for pix 6.3 ! Outbound ACLs: not supported 
@@ -197,18 +197,18 @@ access-list outside_acl_in permit ip any 192.0.2.0 255.255.255.0 access-list inside_acl_in permit ip any 192.0.2.0 255.255.255.0 ! ! Rule 2 (global) -access-list outside_acl_in deny ip any object-group outside.id4390C25825682.dst.net.0 -access-list inside_acl_in deny ip any object-group outside.id4390C25825682.dst.net.0 +access-list outside_acl_in deny ip any object-group outside.id4390C25825682.dst.net.0 log 6 interval 300 +access-list inside_acl_in deny ip any object-group outside.id4390C25825682.dst.net.0 log 6 interval 300 ! ! Rule 3 (global) access-list outside_acl_in deny tcp any object-group outside.id4390C25825682.dst.net.0 eq 25 access-list inside_acl_in deny tcp any object-group outside.id4390C25825682.dst.net.0 eq 25 ! ! Rule 5 (global) -access-list outside_acl_in deny ip object-group outside.id4388CFF8674.src.net.0 any +access-list outside_acl_in deny ip object-group outside.id4388CFF8674.src.net.0 any log 6 interval 300 ! ! Rule 6 (global) -access-list outside_acl_in deny ip object-group outside.id4390C25825682.dst.net.0 any +access-list outside_acl_in deny ip object-group outside.id4390C25825682.dst.net.0 any log 6 interval 300 ! ! Rule 7 (global) access-list outside_acl_in permit ip object-group outside.id4390C25825682.dst.net.0 any @@ -221,8 +221,8 @@ access-list inside_acl_in permit tcp any host 192.168.1.10 eq 25 access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any ! ! Rule 11 (global) -access-list outside_acl_in deny ip any any -access-list inside_acl_in deny ip any any +access-list outside_acl_in deny ip any any log 6 interval 300 +access-list inside_acl_in deny ip any any log 6 interval 300 access-group inside_acl_in in interface inside diff --git a/test/pix/firewall4.fw.orig b/test/pix/firewall4.fw.orig index 9203efa58..894c72c5d 100755 --- a/test/pix/firewall4.fw.orig +++ b/test/pix/firewall4.fw.orig 
@@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:15 2011 PST by vadim +! Generated Wed Jan 12 17:40:19 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall50.fw.orig b/test/pix/firewall50.fw.orig index 884865b13..39cdb7fba 100755 --- a/test/pix/firewall50.fw.orig +++ b/test/pix/firewall50.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:17 2011 PST by vadim +! Generated Wed Jan 12 17:40:20 2011 PST by vadim ! ! Compiled for pix 7.0 ! Outbound ACLs: supported @@ -260,7 +260,7 @@ access-list outside_acl_in permit icmp any any 3 ! ! Rule 3 (ethernet1) ! anti-spoofing rule -access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any log 0 interval 300 ! ! Rule 4 (ethernet0) ssh 192.168.1.0 255.255.255.0 inside 
@@ -301,20 +301,20 @@ access-list inside_acl_in permit 47 any host 192.168.1.10 access-list dmz_acl_in permit 47 any host 192.168.1.10 ! ! Rule 12 (global) -access-list outside_acl_in permit icmp any host 22.22.22.22 3 log 0 interval 300 +access-list outside_acl_in permit icmp any host 22.22.22.22 3 log 0 interval 300 icmp permit any 3 inside -access-list inside_acl_in permit icmp any host 192.168.1.1 3 log 0 interval 300 +access-list inside_acl_in permit icmp any host 192.168.1.1 3 log 0 interval 300 icmp permit any 3 dmz -access-list dmz_acl_in permit icmp any host 192.168.2.1 3 log 0 interval 300 -access-list outside_acl_in permit icmp any any 3 log 0 interval 300 -access-list inside_acl_in permit icmp any any 3 log 0 interval 300 -access-list dmz_acl_in permit icmp any any 3 log 0 interval 300 -access-list outside_acl_in permit 47 any any log 0 interval 300 -access-list inside_acl_in permit 47 any any log 0 interval 300 -access-list dmz_acl_in permit 47 any any log 0 interval 300 -access-list outside_acl_in permit 50 any any log 0 interval 300 -access-list inside_acl_in permit 50 any any log 0 interval 300 -access-list dmz_acl_in permit 50 any any log 0 interval 300 +access-list dmz_acl_in permit icmp any host 192.168.2.1 3 log 0 interval 300 +access-list outside_acl_in permit icmp any any 3 log 0 interval 300 +access-list inside_acl_in permit icmp any any 3 log 0 interval 300 +access-list dmz_acl_in permit icmp any any 3 log 0 interval 300 +access-list outside_acl_in permit 47 any any log 0 interval 300 +access-list inside_acl_in permit 47 any any log 0 interval 300 +access-list dmz_acl_in permit 47 any any log 0 interval 300 +access-list outside_acl_in permit 50 any any log 0 interval 300 +access-list inside_acl_in permit 50 any any log 0 interval 300 +access-list dmz_acl_in permit 50 any any log 0 interval 300 ! ! Rule 14 (global) access-list outside_acl_in permit ip object-group inside.id45142FA628543.dst.net.0 object-group outside.id45142FFC28543.dst.net.0 
@@ -371,9 +371,9 @@ access-list inside_acl_in permit tcp any range 20000 20020 host 192.168.1.10 access-list dmz_acl_in permit tcp any range 20000 20020 host 192.168.1.10 ! ! Rule 25 (global) -access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 0 interval 300 -access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 log 0 interval 300 -access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 log 0 interval 300 +access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 0 interval 300 +access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 log 0 interval 300 +access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 log 0 interval 300 ! ! Rule 26 (global) access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any @@ -385,9 +385,9 @@ access-list dmz_acl_in permit ip host 192.168.2.1 any access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any ! ! Rule 28 (global) -access-list outside_acl_in deny ip any any log 0 interval 300 -access-list inside_acl_in deny ip any any log 0 interval 300 -access-list dmz_acl_in deny ip any any log 0 interval 300 +access-list outside_acl_in deny ip any any log 0 interval 300 +access-list inside_acl_in deny ip any any log 0 interval 300 +access-list dmz_acl_in deny ip any any log 0 interval 300 access-group dmz_acl_in in interface dmz diff --git a/test/pix/firewall6.fw.orig b/test/pix/firewall6.fw.orig index 77cc70182..6e97d61ab 100755 --- a/test/pix/firewall6.fw.orig +++ b/test/pix/firewall6.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:17 2011 PST by vadim +! Generated Wed Jan 12 17:40:21 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall8.fw.orig b/test/pix/firewall8.fw.orig index 558fabd24..1f4708583 100755 --- a/test/pix/firewall8.fw.orig +++ b/test/pix/firewall8.fw.orig 
@@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:19 2011 PST by vadim +! Generated Wed Jan 12 17:40:22 2011 PST by vadim ! ! Compiled for pix 6.2 ! Outbound ACLs: not supported diff --git a/test/pix/firewall80.fw.orig b/test/pix/firewall80.fw.orig index 23ad9bd89..dc18d1dab 100755 --- a/test/pix/firewall80.fw.orig +++ b/test/pix/firewall80.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:20 2011 PST by vadim +! Generated Wed Jan 12 17:40:23 2011 PST by vadim ! ! Compiled for pix 8.2 ! Outbound ACLs: supported diff --git a/test/pix/firewall81.fw.orig b/test/pix/firewall81.fw.orig index b462eeeae..5408f534c 100755 --- a/test/pix/firewall81.fw.orig +++ b/test/pix/firewall81.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:21 2011 PST by vadim +! Generated Wed Jan 12 17:40:24 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall82.fw.orig b/test/pix/firewall82.fw.orig index 66455f534..23bf2616d 100755 --- a/test/pix/firewall82.fw.orig +++ b/test/pix/firewall82.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:22 2011 PST by vadim +! Generated Wed Jan 12 17:40:25 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall83.fw.orig b/test/pix/firewall83.fw.orig index d8dd2f411..7387798c5 100755 --- a/test/pix/firewall83.fw.orig +++ b/test/pix/firewall83.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:23 2011 PST by vadim +! Generated Wed Jan 12 17:40:26 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/firewall9.fw.orig b/test/pix/firewall9.fw.orig index 74851d0bf..f960dd558 100755 --- a/test/pix/firewall9.fw.orig +++ b/test/pix/firewall9.fw.orig 
@@ -3,7 +3,7 @@
 !
 ! Firewall Builder fwb_pix v4.2.0.3430
 !
-! Generated Wed Jan 12 16:02:24 2011 PST by vadim
+! Generated Wed Jan 12 17:40:27 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall90.fw.orig b/test/pix/firewall90.fw.orig
index 4c2980835..fa84e06ca 100755
--- a/test/pix/firewall90.fw.orig
+++ b/test/pix/firewall90.fw.orig
@@ -3,7 +3,7 @@
 !
 ! Firewall Builder fwb_pix v4.2.0.3430
 !
-! Generated Wed Jan 12 16:02:25 2011 PST by vadim
+! Generated Wed Jan 12 17:40:28 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@@ -148,15 +148,42 @@ quit
 object network outside_range
  range 22.22.22.21 22.22.22.25
 quit
-object network firewall90:FastEthernet1:ip
- host 22.22.22.22
-quit
-object network external_gw2
- host 22.22.22.100
-quit
 object service squid
  service tcp destination eq 3128
 quit
+
+object-group network outside.id130599X29063.tsrc.net.0
+ network-object host 22.22.22.21
+ network-object host 22.22.22.22
+ network-object host 22.22.22.100
+ exit
+
+object-group network outside.id20720X27505.tsrc.net.0
+ network-object host 22.22.22.21
+ network-object host 22.22.22.22
+ network-object host 22.22.22.100
+ exit
+
+object-group network outside.id241772X29764.tsrc.net.0
+ network-object host 22.22.22.21
+ network-object host 22.22.22.22
+ exit
+
+object-group network outside.id21121X3710.tsrc.net.0
+ network-object host 22.22.22.22
+ network-object host 22.22.22.30
+ network-object host 22.22.22.100
+ exit
+
+object-group network outside.id21177X3720.tsrc.net.0
+ network-object host 22.22.22.22
+ network-object 22.22.22.128 255.255.255.224
+ exit
+
 !
 ! Rule 0 (NAT)
 nat (inside,outside) source dynamic Internal_net interface service http http
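Review bot: The object-groups generated for the translated sources lose most of the address range: the context still defines `object network outside_range` as `range 22.22.22.21 22.22.22.25`, yet the groups for Rules 6, 7 and 8 (`outside.id130599X29063.tsrc.net.0`, `outside.id20720X27505.tsrc.net.0`, `outside.id241772X29764.tsrc.net.0`) carry only `network-object host 22.22.22.21`, so 22.22.22.23–22.22.22.25 silently disappear from the dynamic pool that the old `source dynamic hostA:eth0 outside_range` lines used. On 8.3 the group can reference the named object directly, `network-object object outside_range`, which is also what the Rule 14 comment in the later hunk describes as the intended shape; the defect is in the compiler pass that builds these groups, so the fixture should not be accepted as-is. The groups for Rule 6 and Rule 7 have identical members and could be emitted once. If the `idNNNNNNXNNNNN` part of the group names is generated per run rather than stored in the .fwb, this expected output will also not compare stably across runs of quick-cmp.sh.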
@@ -179,20 +206,15 @@ nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1 dest
 !
 ! Rule 6 (NAT)
 ! For #1907
-nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
-nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip service smtp smtp
-nat (inside,outside) source static hostA:eth0 external_gw2 service smtp smtp
+nat (inside,outside) source dynamic hostA:eth0 outside.id130599X29063.tsrc.net.0 service smtp smtp
 !
 ! Rule 7 (NAT)
 ! For #1907
-nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
-nat (inside,outside) source static hostA:eth0 interface service smtp smtp
-nat (inside,outside) source static hostA:eth0 external_gw2 service smtp smtp
+nat (inside,outside) source dynamic hostA:eth0 outside.id20720X27505.tsrc.net.0 service smtp smtp
 !
 ! Rule 8 (NAT)
 ! For #1907
-nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
-nat (inside,outside) source static hostA:eth0 interface service smtp smtp
+nat (inside,outside) source dynamic hostA:eth0 outside.id241772X29764.tsrc.net.0 service smtp smtp
 !
 ! Rule 9 (NAT)
 ! for #1902
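Review bot: Rules 7 and 8 previously translated to `interface`, and the new single `source dynamic` lines replace that with a group whose member is the literal `host 22.22.22.22`, so the mapped address no longer tracks the outside interface if its address changes, and a mapped object that overlaps an interface address may be rejected by the ASA (I am not certain of the exact check on 8.3; verify on a device before relying on this output). There is no way to express `interface` inside an object-group, so a rule whose TSrc mixes the interface with other addresses should probably either keep the old split into separate `nat` lines or be reported by the compiler rather than flattened to a static host; at minimum the fixture deserves a comment noting that the interface address has been baked in. Rule 6 has the same shape, with the address coming from the now-removed `firewall90:FastEthernet1:ip` object.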
@@ -221,21 +243,32 @@ nat (inside,outside) source static hostA:eth0 firewall90:FastEthernet1:ip-1
 nat (inside,outside) source dynamic hostA:eth0 outside_range
 !
 ! Rule 14 (NAT)
-! for #1908
-! "static" vs "dynamic"
-nat (outside,outside) source dynamic outside_range firewall90:FastEthernet1:ip-1
+! for #1908 "static" vs "dynamic"
+! for #1885 "named object" - create
+! network object to define address range, then add it to object-group
+nat (inside,outside) source dynamic hostA:eth0 outside.id21121X3710.tsrc.net.0
 !
 ! Rule 15 (NAT)
-! for #1908
+! for #1908, #1916
 ! "static" vs "dynamic"
-nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1
+nat (inside,outside) source dynamic hostA:eth0 outside.id21177X3720.tsrc.net.0
 !
 ! Rule 16 (NAT)
 ! for #1908
 ! "static" vs "dynamic"
-nat (inside,outside) source static internal_subnet_1 firewall90:FastEthernet1:ip-1
+nat (outside,outside) source dynamic outside_range firewall90:FastEthernet1:ip-1
 !
 ! Rule 17 (NAT)
+! for #1908
+! "static" vs "dynamic"
+nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1
+!
+! Rule 18 (NAT)
+! for #1908
+! "static" vs "dynamic"
+nat (inside,outside) source static internal_subnet_1 firewall90:FastEthernet1:ip-1
+!
+! Rule 19 (NAT)
 nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid
diff --git a/test/pix/firewall91.fw.orig b/test/pix/firewall91.fw.orig
index 6d40b68d0..7bb641374 100755
--- a/test/pix/firewall91.fw.orig
+++ b/test/pix/firewall91.fw.orig
@@ -3,7 +3,7 @@
 !
 ! Firewall Builder fwb_pix v4.2.0.3430
 !
-! Generated Wed Jan 12 16:02:26 2011 PST by vadim
+! Generated Wed Jan 12 17:40:29 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig
index 6e9c30ae9..ad24aea4d 100755
--- a/test/pix/firewall92.fw.orig
+++ b/test/pix/firewall92.fw.orig
@@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:26 2011 PST by vadim +! Generated Wed Jan 12 17:40:30 2011 PST by vadim ! ! Compiled for pix 8.3 ! Outbound ACLs: supported diff --git a/test/pix/fwsm1.fw.orig b/test/pix/fwsm1.fw.orig index 81493d7e7..982f14d56 100755 --- a/test/pix/fwsm1.fw.orig +++ b/test/pix/fwsm1.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:28 2011 PST by vadim +! Generated Wed Jan 12 17:40:31 2011 PST by vadim ! ! Compiled for fwsm 2.3 ! Outbound ACLs: supported @@ -244,7 +244,7 @@ access-list outside_acl_in permit icmp any any 3 ! ! Rule 3 (ethernet1) ! anti-spoofing rule -access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any log 0 interval 300 +access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any log 0 interval 300 ! ! Rule 4 (ethernet0) ssh 192.168.1.0 255.255.255.0 inside 
@@ -277,20 +277,20 @@ access-list inside_acl_in permit 47 any host 192.168.1.10 access-list dmz_acl_in permit 47 any host 192.168.1.10 ! ! Rule 10 (global) -access-list outside_acl_in permit icmp any host 22.22.22.22 3 log 0 interval 300 +access-list outside_acl_in permit icmp any host 22.22.22.22 3 log 0 interval 300 icmp permit any 3 inside -access-list inside_acl_in permit icmp any host 192.168.1.1 3 log 0 interval 300 +access-list inside_acl_in permit icmp any host 192.168.1.1 3 log 0 interval 300 icmp permit any 3 dmz -access-list dmz_acl_in permit icmp any host 192.168.2.1 3 log 0 interval 300 -access-list outside_acl_in permit icmp any any 3 log 0 interval 300 -access-list inside_acl_in permit icmp any any 3 log 0 interval 300 -access-list dmz_acl_in permit icmp any any 3 log 0 interval 300 -access-list outside_acl_in permit 47 any any log 0 interval 300 -access-list inside_acl_in permit 47 any any log 0 interval 300 -access-list dmz_acl_in permit 47 any any log 0 interval 300 -access-list outside_acl_in permit 50 any any log 0 interval 300 -access-list inside_acl_in permit 50 any any log 0 interval 300 -access-list dmz_acl_in permit 50 any any log 0 interval 300 +access-list dmz_acl_in permit icmp any host 192.168.2.1 3 log 0 interval 300 +access-list outside_acl_in permit icmp any any 3 log 0 interval 300 +access-list inside_acl_in permit icmp any any 3 log 0 interval 300 +access-list dmz_acl_in permit icmp any any 3 log 0 interval 300 +access-list outside_acl_in permit 47 any any log 0 interval 300 +access-list inside_acl_in permit 47 any any log 0 interval 300 +access-list dmz_acl_in permit 47 any any log 0 interval 300 +access-list outside_acl_in permit 50 any any log 0 interval 300 +access-list inside_acl_in permit 50 any any log 0 interval 300 +access-list dmz_acl_in permit 50 any any log 0 interval 300 ! ! Rule 12 (global) access-list outside_acl_in permit ip object-group inside.id444A03DE9567.dst.net.0 object-group outside.id444A04349567.dst.net.0 
@@ -341,9 +341,9 @@ access-list inside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80 access-list dmz_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80 ! ! Rule 23 (global) -access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 0 interval 300 -access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 log 0 interval 300 -access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 log 0 interval 300 +access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 0 interval 300 +access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 log 0 interval 300 +access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 log 0 interval 300 ! ! Rule 24 (global) access-list outside_acl_in permit ip host 22.22.22.22 any @@ -352,9 +352,9 @@ access-list dmz_acl_in permit ip host 192.168.2.1 any access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any ! ! Rule 25 (global) -access-list outside_acl_in deny ip any any log 0 interval 300 -access-list inside_acl_in deny ip any any log 0 interval 300 -access-list dmz_acl_in deny ip any any log 0 interval 300 +access-list outside_acl_in deny ip any any log 0 interval 300 +access-list inside_acl_in deny ip any any log 0 interval 300 +access-list dmz_acl_in deny ip any any log 0 interval 300 access-group dmz_acl_in in interface dmz diff --git a/test/pix/fwsm2.fw.orig b/test/pix/fwsm2.fw.orig index bfbc0db7a..885c248ef 100755 --- a/test/pix/fwsm2.fw.orig +++ b/test/pix/fwsm2.fw.orig @@ -3,7 +3,7 @@ ! ! Firewall Builder fwb_pix v4.2.0.3430 ! -! Generated Wed Jan 12 16:02:29 2011 PST by vadim +! Generated Wed Jan 12 17:40:32 2011 PST by vadim ! ! Compiled for fwsm 4.x ! Outbound ACLs: supported 
@@ -255,7 +255,7 @@ access-list outside_acl_in permit icmp any any 3
 !
 ! Rule 3 (ethernet1)
 ! anti-spoofing rule
-access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any log 0 interval 300
+access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any log 0 interval 300
 !
 ! Rule 4 (ethernet0)
 ssh 192.168.1.0 255.255.255.0 inside
@@ -288,20 +288,20 @@ access-list inside_acl_in permit 47 any host 192.168.1.10 access-list dmz_acl_in permit 47 any host 192.168.1.10 ! ! Rule 10 (global) -access-list outside_acl_in permit icmp any host 22.22.22.22 3 log 0 interval 300 +access-list outside_acl_in permit icmp any host 22.22.22.22 3 log 0 interval 300 icmp permit any 3 inside -access-list inside_acl_in permit icmp any host 192.168.1.1 3 log 0 interval 300 +access-list inside_acl_in permit icmp any host 192.168.1.1 3 log 0 interval 300 icmp permit any 3 dmz -access-list dmz_acl_in permit icmp any host 192.168.2.1 3 log 0 interval 300 -access-list outside_acl_in permit icmp any any 3 log 0 interval 300 -access-list inside_acl_in permit icmp any any 3 log 0 interval 300 -access-list dmz_acl_in permit icmp any any 3 log 0 interval 300 -access-list outside_acl_in permit 47 any any log 0 interval 300 -access-list inside_acl_in permit 47 any any log 0 interval 300 -access-list dmz_acl_in permit 47 any any log 0 interval 300 -access-list outside_acl_in permit 50 any any log 0 interval 300 -access-list inside_acl_in permit 50 any any log 0 interval 300 -access-list dmz_acl_in permit 50 any any log 0 interval 300 +access-list dmz_acl_in permit icmp any host 192.168.2.1 3 log 0 interval 300 +access-list outside_acl_in permit icmp any any 3 log 0 interval 300 +access-list inside_acl_in permit icmp any any 3 log 0 interval 300 +access-list dmz_acl_in permit icmp any any 3 log 0 interval 300 +access-list outside_acl_in permit 47 any any log 0 interval 300 +access-list inside_acl_in permit 47 any any log 0 interval 300 +access-list dmz_acl_in permit 47 any any log 0 interval 300 +access-list outside_acl_in permit 50 any any log 0 interval 300 +access-list inside_acl_in permit 50 any any log 0 interval 300 +access-list dmz_acl_in permit 50 any any log 0 interval 300 ! ! Rule 12 (global) access-list outside_acl_in permit ip object-group inside.id17298X54624.dst.net.0 object-group outside.id17384X54624.dst.net.0 
@@ -352,9 +352,9 @@ access-list inside_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80 access-list dmz_acl_in permit tcp any gt 1024 host 192.168.1.10 eq 80 ! ! Rule 23 (global) -access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 0 interval 300 -access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 log 0 interval 300 -access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 log 0 interval 300 +access-list outside_acl_in permit ip host 22.22.22.22 host 22.22.22.22 log 0 interval 300 +access-list inside_acl_in permit ip host 192.168.1.1 host 192.168.1.1 log 0 interval 300 +access-list dmz_acl_in permit ip host 192.168.2.1 host 192.168.2.1 log 0 interval 300 ! ! Rule 24 (global) access-list outside_acl_in permit ip host 22.22.22.22 any @@ -363,9 +363,9 @@ access-list dmz_acl_in permit ip host 192.168.2.1 any access-list inside_acl_in permit ip 192.168.1.0 255.255.255.0 any ! ! Rule 25 (global) -access-list outside_acl_in deny ip any any log 0 interval 300 -access-list inside_acl_in deny ip any any log 0 interval 300 -access-list dmz_acl_in deny ip any any log 0 interval 300 +access-list outside_acl_in deny ip any any log 0 interval 300 +access-list inside_acl_in deny ip any any log 0 interval 300 +access-list dmz_acl_in deny ip any any log 0 interval 300 access-group dmz_acl_in in interface dmz diff --git a/test/pix/objects-for-regression-tests.fwb b/test/pix/objects-for-regression-tests.fwb index 9909d370b..7b00fdfd4 100644 --- a/test/pix/objects-for-regression-tests.fwb +++ b/test/pix/objects-for-regression-tests.fwb @@ -1,6 +1,6 @@ - + @@ -524,6 +524,15 @@ + + + + + + + + + @@ -1224,11 +1233,13 @@ + + @@ -18228,7 +18239,7 @@ no sysopt nodnsalias outbound - + @@ -18562,7 +18573,61 @@ no sysopt nodnsalias outbound - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -18589,7 +18654,7 @@ no sysopt nodnsalias outbound - + 
@@ -18613,7 +18678,7 @@ no sysopt nodnsalias outbound
-
+
@@ -18640,7 +18705,7 @@ no sysopt nodnsalias outbound
-
+
diff --git a/test/pix/pix515.fw.orig b/test/pix/pix515.fw.orig
index c0916238b..6b5b9dae7 100755
--- a/test/pix/pix515.fw.orig
+++ b/test/pix/pix515.fw.orig
@@ -3,7 +3,7 @@
 !
 ! Firewall Builder fwb_pix v4.2.0.3430
 !
-! Generated Wed Jan 12 16:02:30 2011 PST by vadim
+! Generated Wed Jan 12 17:40:34 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
@@ -128,9 +128,9 @@ access-list inside_acl_in permit ip 10.3.14.0 255.255.255.0 any
 !
 ! Rule 5 (global)
 access-list outside_acl_in remark 5 (global)
-access-list outside_acl_in deny ip any any
+access-list outside_acl_in deny ip any any log 6 interval 300
 access-list inside_acl_in remark 5 (global)
-access-list inside_acl_in deny ip any any
+access-list inside_acl_in deny ip any any log 6 interval 300
 access-group inside_acl_in in interface inside
diff --git a/test/pix/quick-cmp.sh b/test/pix/quick-cmp.sh
index e812dd849..e9230df92 100755
--- a/test/pix/quick-cmp.sh
+++ b/test/pix/quick-cmp.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
-DIFFCMD="diff -C 5 -c -b -B -w -I \"! Generated\" -I 'Activating ' -I '! Firewall Builder fwb_pix v' -I 'Can not find file' -I '====' -I 'log '"
+DIFFCMD="diff -C 5 -c -b -B -w -I \"! Generated\" -I 'Activating ' -I '! Firewall Builder fwb_pix v' -I 'Can not find file' -I '===='"
 for f in $(ls *.fw.orig)
 do
diff --git a/test/pix/real.fw.orig b/test/pix/real.fw.orig
index bce8d76f1..205689050 100755
--- a/test/pix/real.fw.orig
+++ b/test/pix/real.fw.orig
@@ -3,7 +3,7 @@
 !
 ! Firewall Builder fwb_pix v4.2.0.3430
 !
-! Generated Wed Jan 12 16:02:31 2011 PST by vadim
+! Generated Wed Jan 12 17:40:35 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
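Review bot: The rewritten `DIFFCMD` line keeps one pattern in escaped double quotes (`-I \"! Generated\"`) while every other `-I` pattern is single-quoted; inside a double-quoted assignment those single quotes are ordinary characters, so the string only behaves as intended if it is later expanded through `eval`, and a bare `$DIFFCMD` expansion would pass the quote marks to diff literally and split `'Activating '` at the space. The expansion site is outside this hunk, so that is inferred from the assignment alone; using a single quoting style throughout, e.g. `-I '! Generated'`, removes the ambiguity either way. Dropping `-I 'log '` makes the regression comparison sensitive to the log tokens this commit adds to the expected outputs, which looks intended, and a short comment on the line would record that, e.g. `# log options are compared now that the compiler emits default log levels`.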
@@ -116,9 +116,9 @@ access-list inside_acl_in permit tcp any host 10.3.14.30 eq 80
 !
 ! Rule 4 (global)
 access-list outside_acl_in remark 4 (global)
-access-list outside_acl_in deny ip any any log 5 interval 120
+access-list outside_acl_in deny ip any any log 5 interval 120
 access-list inside_acl_in remark 4 (global)
-access-list inside_acl_in deny ip any any log 5 interval 120
+access-list inside_acl_in deny ip any any log 5 interval 120
 access-group inside_acl_in in interface inside