diff --git a/doc/ChangeLog b/doc/ChangeLog
index 3f3ba4ac8..d4c09ef4d 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,9 @@
+2011-01-13  vadim  <vadim@netcitadel.com>
+
+	* ASA8ObjectGroup.cpp (toString): refs #1885 Compiler uses named
+	objects and objects groups to build configurations that use
+	address ranges in TSrc in NAT rules. (only ASA 8.3 and later)
+
 2011-01-12  Vadim Kurland  <vadim@netcitadel.com>
 
 	* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1907 "ASA NAT -
diff --git a/src/cisco_lib/ASA8Object.cpp b/src/cisco_lib/ASA8Object.cpp
index 3bcb19300..b7267aa2d 100644
--- a/src/cisco_lib/ASA8Object.cpp
+++ b/src/cisco_lib/ASA8Object.cpp
@@ -187,4 +187,11 @@ QString ASA8Object::getCommand()
     return "";
 }
 
+QString ASA8Object::getCommandWhenObjectGroupMember()
+{
+    if (Address::constcast(obj)!=NULL) return "network-object object " + name;
+    if (Service::constcast(obj)!=NULL) return "service-object object " + name;
+    return "";
+}
+
 
diff --git a/src/cisco_lib/ASA8Object.h b/src/cisco_lib/ASA8Object.h
index cb04f86f4..5739c9702 100644
--- a/src/cisco_lib/ASA8Object.h
+++ b/src/cisco_lib/ASA8Object.h
@@ -47,6 +47,7 @@ public:
 
         ASA8Object(const libfwbuilder::FWObject *obj);
         virtual QString getCommand();
+        virtual QString getCommandWhenObjectGroupMember();
         QString getName() { return name; }
         QString getCommandWord();
     };
diff --git a/src/cisco_lib/ASA8ObjectGroup.cpp b/src/cisco_lib/ASA8ObjectGroup.cpp
index c989fe938..ca297cbf9 100644
--- a/src/cisco_lib/ASA8ObjectGroup.cpp
+++ b/src/cisco_lib/ASA8ObjectGroup.cpp
@@ -43,7 +43,8 @@ using namespace fwcompiler;
 
 const char *ASA8ObjectGroup::TYPENAME={"ASA8ObjectGroup"};
 
-string ASA8ObjectGroup::toString()  throw(FWException)
+string ASA8ObjectGroup::toString(std::map<int, ASA8Object*> &named_objects_registry)
+    throw(FWException)
 {
     ostringstream ostr;
 
@@ -57,6 +58,15 @@ string ASA8ObjectGroup::toString()  throw(FWException)
         FWObject *obj = o;
         if (FWReference::cast(o)!=NULL) obj=FWReference::cast(o)->getPointer();
 
+        ASA8Object *named_object = named_objects_registry[obj->getId()];
+        if (named_object)
+        {
+            ostr << " "
+                 << named_object->getCommandWhenObjectGroupMember().toStdString();
+            ostr << endl;
+            continue;
+        }
+
         if (this->getObjectGroupType() == NETWORK)
         {
             Address *a = Address::cast(obj);
diff --git a/src/cisco_lib/ASA8ObjectGroup.h b/src/cisco_lib/ASA8ObjectGroup.h
index 9459975c0..2184a2ee0 100644
--- a/src/cisco_lib/ASA8ObjectGroup.h
+++ b/src/cisco_lib/ASA8ObjectGroup.h
@@ -40,7 +40,8 @@ public:
 
         virtual std::string getObjectGroupClass();
         virtual std::string getObjectGroupHeader();
-        virtual std::string toString() throw(libfwbuilder::FWException);
+        virtual std::string toString(std::map<int, ASA8Object*> &named_objects_registry)
+            throw(libfwbuilder::FWException);
     
     };
 }
diff --git a/src/cisco_lib/BaseObjectGroup.cpp b/src/cisco_lib/BaseObjectGroup.cpp
index c3b96ed06..af88d51bd 100644
--- a/src/cisco_lib/BaseObjectGroup.cpp
+++ b/src/cisco_lib/BaseObjectGroup.cpp
@@ -38,6 +38,7 @@
 #include <sstream>
 
 using namespace libfwbuilder;
+using namespace fwcompiler;
 using namespace std;
 
 map<string,int>  BaseObjectGroup::nc;
@@ -131,7 +132,7 @@ string BaseObjectGroup::getObjectGroupClass()
     return "";
 }
 
-string BaseObjectGroup::toString()  throw(FWException)
+string BaseObjectGroup::toString(std::map<int, ASA8Object*>&)  throw(FWException)
 {
     return "";
 }
diff --git a/src/cisco_lib/BaseObjectGroup.h b/src/cisco_lib/BaseObjectGroup.h
index 87dfdbcd7..9de53d9cf 100644
--- a/src/cisco_lib/BaseObjectGroup.h
+++ b/src/cisco_lib/BaseObjectGroup.h
@@ -26,54 +26,60 @@
 #ifndef __BASEOBJECTGROUP_HH
 #define __BASEOBJECTGROUP_HH
 
+#include "ASA8Object.h"
+
 #include "fwbuilder/FWObject.h"
 #include "fwbuilder/ObjectGroup.h"
 #include "fwbuilder/ServiceGroup.h"
 #include "fwbuilder/FWException.h"
 
-class BaseObjectGroup : public libfwbuilder::Group {
+namespace fwcompiler {
+
+    class BaseObjectGroup : public libfwbuilder::Group {
 public:
 
-    typedef enum { UNKNOWN, 
-                   NETWORK, 
-                   PROTO, 
-                   ICMP_TYPE, 
-                   TCP_SERVICE, 
-                   UDP_SERVICE,
-                   MIXED_SERVICE } object_group_type;
+        typedef enum { UNKNOWN, 
+                       NETWORK, 
+                       PROTO, 
+                       ICMP_TYPE, 
+                       TCP_SERVICE, 
+                       UDP_SERVICE,
+                       MIXED_SERVICE } object_group_type;
 
 private:
-    object_group_type gt;
-    static std::map<std::string,int>  nc;
+        object_group_type gt;
+        static std::map<std::string,int>  nc;
 
 protected:
-    std::string registerGroupName(const std::string &prefix);
+        std::string registerGroupName(const std::string &prefix);
     
 public:
-    BaseObjectGroup(object_group_type _gt=UNKNOWN) : libfwbuilder::Group() {
-        gt=_gt;
-    }
+BaseObjectGroup(object_group_type _gt=UNKNOWN) : libfwbuilder::Group() {
+            gt=_gt;
+        }
     
-    virtual ~BaseObjectGroup() {};
-    DECLARE_FWOBJECT_SUBTYPE(BaseObjectGroup);
+        virtual ~BaseObjectGroup() {};
+        DECLARE_FWOBJECT_SUBTYPE(BaseObjectGroup);
 
-    virtual bool  validateChild(FWObject*) { return true; }
+        virtual bool  validateChild(FWObject*) { return true; }
 
-    void setObjectGroupType(object_group_type _gt) { gt=_gt; }
-    object_group_type getObjectGroupType() { return gt; }
+        void setObjectGroupType(object_group_type _gt) { gt=_gt; }
+        object_group_type getObjectGroupType() { return gt; }
 
-    void setObjectGroupTypeFromFWObject(libfwbuilder::FWObject *obj);
+        void setObjectGroupTypeFromFWObject(libfwbuilder::FWObject *obj);
 
-    virtual void setName(const std::string &prefix);
+        virtual void setName(const std::string &prefix);
 
-    bool isServiceGroup();
-    bool isObjectGroup();
-    std::string getSrvTypeName();
+        bool isServiceGroup();
+        bool isObjectGroup();
+        std::string getSrvTypeName();
     
-    virtual std::string getObjectGroupClass();
-    virtual std::string getObjectGroupHeader();
-    virtual std::string toString() throw(libfwbuilder::FWException);
-};
+        virtual std::string getObjectGroupClass();
+        virtual std::string getObjectGroupHeader();
+        virtual std::string toString(std::map<int, ASA8Object*> &named_objects_registry)
+            throw(libfwbuilder::FWException);
+    };
 
+}
 
 #endif
diff --git a/src/cisco_lib/IOSObjectGroup.cpp b/src/cisco_lib/IOSObjectGroup.cpp
index c7851061f..ec646ceb3 100644
--- a/src/cisco_lib/IOSObjectGroup.cpp
+++ b/src/cisco_lib/IOSObjectGroup.cpp
@@ -39,11 +39,13 @@
 #include <sstream>
 
 using namespace libfwbuilder;
+using namespace fwcompiler;
 using namespace std;
 
+
 const char *IOSObjectGroup::TYPENAME={"IOSObjectGroup"};
 
-string IOSObjectGroup::toString()  throw(FWException)
+string IOSObjectGroup::toString(std::map<int, ASA8Object*>&)  throw(FWException)
 {
     ostringstream ostr;
 
diff --git a/src/cisco_lib/IOSObjectGroup.h b/src/cisco_lib/IOSObjectGroup.h
index 9f60eb678..9ae382867 100644
--- a/src/cisco_lib/IOSObjectGroup.h
+++ b/src/cisco_lib/IOSObjectGroup.h
@@ -28,18 +28,21 @@
 
 #include "BaseObjectGroup.h"
 
+namespace fwcompiler {
 
-class IOSObjectGroup : public BaseObjectGroup {
+    class IOSObjectGroup : public BaseObjectGroup {
     
-    public:
-    IOSObjectGroup(object_group_type _gt=UNKNOWN) : BaseObjectGroup(_gt) { }
-    virtual ~IOSObjectGroup() {};
-    DECLARE_FWOBJECT_SUBTYPE(IOSObjectGroup);
+public:
+IOSObjectGroup(object_group_type _gt=UNKNOWN) : BaseObjectGroup(_gt) { }
+        virtual ~IOSObjectGroup() {};
+        DECLARE_FWOBJECT_SUBTYPE(IOSObjectGroup);
 
-    virtual std::string getObjectGroupClass();
-    virtual std::string getObjectGroupHeader();
-    virtual std::string toString() throw(libfwbuilder::FWException);
+        virtual std::string getObjectGroupClass();
+        virtual std::string getObjectGroupHeader();
+        virtual std::string toString(std::map<int, ASA8Object*> &named_objects_registry)
+            throw(libfwbuilder::FWException);
     
-};
+    };
+}
 
 #endif
diff --git a/src/cisco_lib/NATCompiler_asa8.cpp b/src/cisco_lib/NATCompiler_asa8.cpp
index b4282ebd2..56db00bb4 100644
--- a/src/cisco_lib/NATCompiler_asa8.cpp
+++ b/src/cisco_lib/NATCompiler_asa8.cpp
@@ -69,13 +69,6 @@ NATCompiler_asa8::NATCompiler_asa8(FWObjectDatabase *_db,
 
 NATCompiler_asa8::~NATCompiler_asa8()
 {
-    std::map<int, ASA8Object*>::iterator it1;
-    for (it1=asa8_object_registry.begin();
-         it1!=asa8_object_registry.end(); ++it1)
-    {
-        delete it1->second;
-    }
-    asa8_object_registry.clear();
 }
         
 /*
diff --git a/src/cisco_lib/NATCompiler_asa8.h b/src/cisco_lib/NATCompiler_asa8.h
index d3c67d53e..88ce3275c 100644
--- a/src/cisco_lib/NATCompiler_asa8.h
+++ b/src/cisco_lib/NATCompiler_asa8.h
@@ -40,8 +40,6 @@ namespace fwcompiler {
     {
 	public:
 
-        std::map<int, ASA8Object*> asa8_object_registry;
-
         void addASA8Object(const libfwbuilder::FWObject *obj);
         ASA8Object* getASA8Object(const libfwbuilder::FWObject *obj);
         
diff --git a/src/cisco_lib/NATCompiler_asa8_writers.cpp b/src/cisco_lib/NATCompiler_asa8_writers.cpp
index 68ba5e01b..7cf4c9c2b 100644
--- a/src/cisco_lib/NATCompiler_asa8_writers.cpp
+++ b/src/cisco_lib/NATCompiler_asa8_writers.cpp
@@ -52,17 +52,24 @@ using namespace std;
 
 void NATCompiler_asa8::addASA8Object(const FWObject *obj)
 {
-    if (asa8_object_registry[obj->getId()] == NULL)
+    if (BaseObjectGroup::constcast(obj)!=NULL)
+    {
+        for (FWObject::const_iterator i=obj->begin(); i!=obj->end(); ++i)
+        {
+            addASA8Object(FWReference::getObject(*i));
+        }
+    }
+    if (CreateObjectGroups::named_objects[obj->getId()] == NULL)
     {
         ASA8Object *asa8obj = new ASA8Object(obj);
         output << asa8obj->getCommand().toStdString();
-        asa8_object_registry[obj->getId()] = asa8obj;
+        CreateObjectGroups::named_objects[obj->getId()] = asa8obj;
     }
 }
 
 ASA8Object* NATCompiler_asa8::getASA8Object(const FWObject *obj)
 {
-    return asa8_object_registry[obj->getId()];
+    return CreateObjectGroups::named_objects[obj->getId()];
 }
 
 bool NATCompiler_asa8::PrintObjectsForNat::processNext()
diff --git a/src/cisco_lib/ObjectGroupFactory.h b/src/cisco_lib/ObjectGroupFactory.h
index a772ee70a..c6e530604 100644
--- a/src/cisco_lib/ObjectGroupFactory.h
+++ b/src/cisco_lib/ObjectGroupFactory.h
@@ -32,11 +32,14 @@ namespace libfwbuilder {
     class Firewall;
 };
 
-class ObjectGroupFactory {
+namespace fwcompiler {
+
+    class ObjectGroupFactory {
 public:
-    static BaseObjectGroup *createObjectGroup(
-        libfwbuilder::Firewall *fw,
-        BaseObjectGroup::object_group_type _gt=BaseObjectGroup::UNKNOWN);
-};
+        static BaseObjectGroup *createObjectGroup(
+            libfwbuilder::Firewall *fw,
+            BaseObjectGroup::object_group_type _gt=BaseObjectGroup::UNKNOWN);
+    };
+}
 
 #endif
diff --git a/src/cisco_lib/ObjectGroupsSupport.cpp b/src/cisco_lib/ObjectGroupsSupport.cpp
index 316dd1a5f..19af38eb5 100644
--- a/src/cisco_lib/ObjectGroupsSupport.cpp
+++ b/src/cisco_lib/ObjectGroupsSupport.cpp
@@ -58,13 +58,30 @@ using namespace fwcompiler;
 using namespace std;
 
 
-Group *CreateObjectGroups::object_groups = NULL;
+Group* CreateObjectGroups::object_groups = NULL;
+map<int, ASA8Object*> CreateObjectGroups::named_objects;
 
 
 void CreateObjectGroups::init(FWObjectDatabase *db)
 {
     object_groups = new Group();
     db->add( object_groups );
+    if (named_objects.size() > 0) clearNamedObjectsRegistry();
+}
+
+void CreateObjectGroups::clearNamedObjectsRegistry()
+{
+    std::map<int, ASA8Object*>::iterator it1;
+    for (it1=named_objects.begin(); it1!=named_objects.end(); ++it1)
+    {
+        delete it1->second;
+    }
+    named_objects.clear();
+}
+
+CreateObjectGroups::~CreateObjectGroups()
+{
+    clearNamedObjectsRegistry();
 }
 
 BaseObjectGroup* CreateObjectGroups::findObjectGroup(RuleElement *re)
@@ -230,7 +247,7 @@ bool printObjectGroups::processNext()
         compiler->output << endl;
         try
         {
-            compiler->output << og->toString();
+            compiler->output << og->toString(CreateObjectGroups::named_objects);
         } catch (FWException &ex)
         {
             compiler->abort(ex.toString());
diff --git a/src/cisco_lib/ObjectGroupsSupport.h b/src/cisco_lib/ObjectGroupsSupport.h
index 29ead5de3..7cb11052c 100644
--- a/src/cisco_lib/ObjectGroupsSupport.h
+++ b/src/cisco_lib/ObjectGroupsSupport.h
@@ -27,6 +27,7 @@
 #include "config.h"
 
 #include "BaseObjectGroup.h"
+#include "ASA8Object.h"
 
 #include "fwbuilder/Group.h"
 #include "fwbuilder/RuleElement.h"
@@ -40,6 +41,8 @@ namespace fwcompiler
 
     class CreateObjectGroups : public BasicRuleProcessor
     {
+        static void clearNamedObjectsRegistry();
+        
 protected:
 
         std::string re_type;
@@ -53,11 +56,15 @@ protected:
 public:
 // storage for object groups created to be used with PIX command object-group
         static libfwbuilder::Group *object_groups;
+        static std::map<int, ASA8Object*> named_objects;
+
 
         CreateObjectGroups(const std::string &name,
                    const std::string &_ns,
                    const std::string &_type) :
-        BasicRuleProcessor(name) {re_type=_type; name_suffix=_ns; }
+            BasicRuleProcessor(name) {re_type=_type; name_suffix=_ns; }
+
+        virtual ~CreateObjectGroups();
         virtual bool processNext();
 
         static void init(libfwbuilder::FWObjectDatabase *db);
diff --git a/src/cisco_lib/PIXObjectGroup.cpp b/src/cisco_lib/PIXObjectGroup.cpp
index b863e77fd..37831a98c 100644
--- a/src/cisco_lib/PIXObjectGroup.cpp
+++ b/src/cisco_lib/PIXObjectGroup.cpp
@@ -38,11 +38,12 @@
 #include <sstream>
 
 using namespace libfwbuilder;
+using namespace fwcompiler;
 using namespace std;
 
 const char *PIXObjectGroup::TYPENAME={"PIXObjectGroup"};
 
-string PIXObjectGroup::toString()  throw(FWException)
+string PIXObjectGroup::toString(std::map<int, ASA8Object*>&)  throw(FWException)
 {
     ostringstream ostr;
 
diff --git a/src/cisco_lib/PIXObjectGroup.h b/src/cisco_lib/PIXObjectGroup.h
index 95d504adb..b7b9b5cf0 100644
--- a/src/cisco_lib/PIXObjectGroup.h
+++ b/src/cisco_lib/PIXObjectGroup.h
@@ -28,18 +28,21 @@
 
 #include "BaseObjectGroup.h"
 
-
-class PIXObjectGroup : public BaseObjectGroup {
+namespace fwcompiler {
     
-    public:
-    PIXObjectGroup(object_group_type _gt=UNKNOWN) : BaseObjectGroup(_gt) { }
-    virtual ~PIXObjectGroup() {};
-    DECLARE_FWOBJECT_SUBTYPE(PIXObjectGroup);
-
-    virtual std::string getObjectGroupClass();
-    virtual std::string getObjectGroupHeader();
-    virtual std::string toString() throw(libfwbuilder::FWException);
+    class PIXObjectGroup : public BaseObjectGroup {
     
-};
+public:
+        PIXObjectGroup(object_group_type _gt=UNKNOWN) : BaseObjectGroup(_gt) { }
+        virtual ~PIXObjectGroup() {};
+        DECLARE_FWOBJECT_SUBTYPE(PIXObjectGroup);
+
+        virtual std::string getObjectGroupClass();
+        virtual std::string getObjectGroupHeader();
+        virtual std::string toString(std::map<int, ASA8Object*> &named_objects_registry)
+            throw(libfwbuilder::FWException);
+    
+    };
+}
 
 #endif
diff --git a/test/iosacl/auto-interface-test.fw.orig b/test/iosacl/auto-interface-test.fw.orig
index 6f9d717a7..d60bd32f3 100755
--- a/test/iosacl/auto-interface-test.fw.orig
+++ b/test/iosacl/auto-interface-test.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:46 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:13 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/c3620.fw.orig b/test/iosacl/c3620.fw.orig
index e408c479f..90cf9f703 100755
--- a/test/iosacl/c3620.fw.orig
+++ b/test/iosacl/c3620.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:46 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:13 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/ccie4u-r1.fw.orig b/test/iosacl/ccie4u-r1.fw.orig
index d900eeb64..88d73bace 100755
--- a/test/iosacl/ccie4u-r1.fw.orig
+++ b/test/iosacl/ccie4u-r1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:46 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/dynamips1-og.fw.orig b/test/iosacl/dynamips1-og.fw.orig
index 00a5d9d20..a942f8717 100755
--- a/test/iosacl/dynamips1-og.fw.orig
+++ b/test/iosacl/dynamips1-og.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:47 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !
diff --git a/test/iosacl/firewall-ipv6-1.fw.orig b/test/iosacl/firewall-ipv6-1.fw.orig
index 88861c317..bbc83e219 100755
--- a/test/iosacl/firewall-ipv6-1.fw.orig
+++ b/test/iosacl/firewall-ipv6-1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:47 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:14 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/firewall-ipv6-2.fw.orig b/test/iosacl/firewall-ipv6-2.fw.orig
index 81f54f7f2..26a4bf377 100755
--- a/test/iosacl/firewall-ipv6-2.fw.orig
+++ b/test/iosacl/firewall-ipv6-2.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:47 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:15 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/firewall-ipv6-3.fw.orig b/test/iosacl/firewall-ipv6-3.fw.orig
index bc3b0a583..fe97dbdf3 100755
--- a/test/iosacl/firewall-ipv6-3.fw.orig
+++ b/test/iosacl/firewall-ipv6-3.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:48 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:15 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/testios1-1.fw.orig b/test/iosacl/testios1-1.fw.orig
index 4de0ef643..862c51454 100755
--- a/test/iosacl/testios1-1.fw.orig
+++ b/test/iosacl/testios1-1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:48 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:16 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/testios1.fw.orig b/test/iosacl/testios1.fw.orig
index 5a41d8c70..1b4a41284 100755
--- a/test/iosacl/testios1.fw.orig
+++ b/test/iosacl/testios1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:48 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:15 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/testios2.fw.orig b/test/iosacl/testios2.fw.orig
index 93965cae2..53317e88c 100755
--- a/test/iosacl/testios2.fw.orig
+++ b/test/iosacl/testios2.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:49 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:16 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/testios20-v12.3.fw.orig b/test/iosacl/testios20-v12.3.fw.orig
index 3449a0041..fc00cbea6 100755
--- a/test/iosacl/testios20-v12.3.fw.orig
+++ b/test/iosacl/testios20-v12.3.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:49 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:17 2011 PST by vadim
 !
 ! Compiled for iosacl 12.3
 !
diff --git a/test/iosacl/testios20.fw.orig b/test/iosacl/testios20.fw.orig
index 120a2f268..16b03323a 100755
--- a/test/iosacl/testios20.fw.orig
+++ b/test/iosacl/testios20.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:49 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:16 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !
diff --git a/test/iosacl/testios3.fw.orig b/test/iosacl/testios3.fw.orig
index 0e7177d43..910035aad 100755
--- a/test/iosacl/testios3.fw.orig
+++ b/test/iosacl/testios3.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:50 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:17 2011 PST by vadim
 !
 ! Compiled for iosacl 12.1
 !
diff --git a/test/iosacl/testios4.fw.orig b/test/iosacl/testios4.fw.orig
index f4cb343e9..ecae30ea9 100755
--- a/test/iosacl/testios4.fw.orig
+++ b/test/iosacl/testios4.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:50 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:17 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !
diff --git a/test/iosacl/testios5-1.fw.orig b/test/iosacl/testios5-1.fw.orig
index 457f717ae..2712107a1 100755
--- a/test/iosacl/testios5-1.fw.orig
+++ b/test/iosacl/testios5-1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:51 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:18 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !
diff --git a/test/iosacl/testios5.fw.orig b/test/iosacl/testios5.fw.orig
index fb522a394..49c772053 100755
--- a/test/iosacl/testios5.fw.orig
+++ b/test/iosacl/testios5.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_iosacl v4.2.0.3426
+!  Firewall Builder  fwb_iosacl v4.2.0.3429
 !
-!  Generated Mon Jan 10 16:30:50 2011 PST by vadim
+!  Generated Tue Jan 11 20:40:18 2011 PST by vadim
 !
 ! Compiled for iosacl 12.4
 !
diff --git a/test/pix/cluster1-1_pix1.fw.orig b/test/pix/cluster1-1_pix1.fw.orig
index 9f81ad8ea..29e8ed863 100755
--- a/test/pix/cluster1-1_pix1.fw.orig
+++ b/test/pix/cluster1-1_pix1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:49 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:26 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1-1_pix2.fw.orig b/test/pix/cluster1-1_pix2.fw.orig
index a35920f7c..d51b6963c 100755
--- a/test/pix/cluster1-1_pix2.fw.orig
+++ b/test/pix/cluster1-1_pix2.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:49 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:26 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1_pix1.fw.orig b/test/pix/cluster1_pix1.fw.orig
index ceb6e25b4..b66eedb2b 100755
--- a/test/pix/cluster1_pix1.fw.orig
+++ b/test/pix/cluster1_pix1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:49 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:25 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1_pix2.fw.orig b/test/pix/cluster1_pix2.fw.orig
index ef4a2fc4f..5da95ea89 100755
--- a/test/pix/cluster1_pix2.fw.orig
+++ b/test/pix/cluster1_pix2.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:49 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:26 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall.fw.orig b/test/pix/firewall.fw.orig
index feb8254a1..9fa248065 100755
--- a/test/pix/firewall.fw.orig
+++ b/test/pix/firewall.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:25 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:01 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall1.fw.orig b/test/pix/firewall1.fw.orig
index ba466f428..efa3d36c1 100755
--- a/test/pix/firewall1.fw.orig
+++ b/test/pix/firewall1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:25 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:02 2011 PST by vadim
 !
 ! Compiled for pix 6.1
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall10.fw.orig b/test/pix/firewall10.fw.orig
index 3b35ef603..a9f76d64d 100755
--- a/test/pix/firewall10.fw.orig
+++ b/test/pix/firewall10.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:26 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:03 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall11.fw.orig b/test/pix/firewall11.fw.orig
index 58755183f..7f255eb55 100755
--- a/test/pix/firewall11.fw.orig
+++ b/test/pix/firewall11.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:27 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:04 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall12.fw.orig b/test/pix/firewall12.fw.orig
index 3688524d7..2cbfb4d88 100755
--- a/test/pix/firewall12.fw.orig
+++ b/test/pix/firewall12.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:27 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:04 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall13.fw.orig b/test/pix/firewall13.fw.orig
index fac1c65a0..ff27e32a6 100755
--- a/test/pix/firewall13.fw.orig
+++ b/test/pix/firewall13.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:28 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:05 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall14.fw.orig b/test/pix/firewall14.fw.orig
index bd4b85212..450830f20 100755
--- a/test/pix/firewall14.fw.orig
+++ b/test/pix/firewall14.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:29 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:06 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall2.fw.orig b/test/pix/firewall2.fw.orig
index 50951e0a8..7b1cf64c1 100755
--- a/test/pix/firewall2.fw.orig
+++ b/test/pix/firewall2.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:29 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:06 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall20.fw.orig b/test/pix/firewall20.fw.orig
index 14617f4a3..bff9e5003 100755
--- a/test/pix/firewall20.fw.orig
+++ b/test/pix/firewall20.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:30 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:07 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall21-1.fw.orig b/test/pix/firewall21-1.fw.orig
index 36986980e..ba4e9ee0e 100755
--- a/test/pix/firewall21-1.fw.orig
+++ b/test/pix/firewall21-1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:31 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:08 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall21.fw.orig b/test/pix/firewall21.fw.orig
index 581f32d85..70fe352b1 100755
--- a/test/pix/firewall21.fw.orig
+++ b/test/pix/firewall21.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:31 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:08 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall22.fw.orig b/test/pix/firewall22.fw.orig
index f37d08aac..e0724c120 100755
--- a/test/pix/firewall22.fw.orig
+++ b/test/pix/firewall22.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:32 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:09 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall3.fw.orig b/test/pix/firewall3.fw.orig
index f24d29820..cc5280ced 100755
--- a/test/pix/firewall3.fw.orig
+++ b/test/pix/firewall3.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:33 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:10 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall33.fw.orig b/test/pix/firewall33.fw.orig
index 81d8eb5fe..b74eb2bb8 100755
--- a/test/pix/firewall33.fw.orig
+++ b/test/pix/firewall33.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:34 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:11 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall34.fw.orig b/test/pix/firewall34.fw.orig
index 3ff6bd3cc..eb69f5c3f 100755
--- a/test/pix/firewall34.fw.orig
+++ b/test/pix/firewall34.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:35 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:12 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
@@ -76,7 +76,6 @@ object-group network outside.id4390C25825682.dst.net.0
  network-object 58.53.82.190 255.255.255.255 
  network-object 58.231.13.78 255.255.255.255 
  network-object  host 61.150.47.112 
- network-object 61.150.47.112 255.255.255.255 
  network-object 61.184.14.102 255.255.255.255 
  network-object 64.106.85.186 255.255.255.255 
  network-object 70.228.60.100 255.255.255.255 
diff --git a/test/pix/firewall4.fw.orig b/test/pix/firewall4.fw.orig
index 75b43699e..b0f69ef6e 100755
--- a/test/pix/firewall4.fw.orig
+++ b/test/pix/firewall4.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:35 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:12 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall50.fw.orig b/test/pix/firewall50.fw.orig
index 4f31a3e9d..e78868843 100755
--- a/test/pix/firewall50.fw.orig
+++ b/test/pix/firewall50.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:36 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:13 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall6.fw.orig b/test/pix/firewall6.fw.orig
index ba5598779..4758315c4 100755
--- a/test/pix/firewall6.fw.orig
+++ b/test/pix/firewall6.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:37 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:14 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall8.fw.orig b/test/pix/firewall8.fw.orig
index c857033a8..724bd59b2 100755
--- a/test/pix/firewall8.fw.orig
+++ b/test/pix/firewall8.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:38 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:15 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall80.fw.orig b/test/pix/firewall80.fw.orig
index 39e8e63e2..b2b9db8af 100755
--- a/test/pix/firewall80.fw.orig
+++ b/test/pix/firewall80.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:38 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:15 2011 PST by vadim
 !
 ! Compiled for pix 8.2
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall81.fw.orig b/test/pix/firewall81.fw.orig
index b32757e3e..7f8bb963a 100755
--- a/test/pix/firewall81.fw.orig
+++ b/test/pix/firewall81.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:39 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:16 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall82.fw.orig b/test/pix/firewall82.fw.orig
index 70d1b8bef..a0f98e8ea 100755
--- a/test/pix/firewall82.fw.orig
+++ b/test/pix/firewall82.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:40 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:17 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall83.fw.orig b/test/pix/firewall83.fw.orig
index 6a3fd8f90..febd6ab0e 100755
--- a/test/pix/firewall83.fw.orig
+++ b/test/pix/firewall83.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:40 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:17 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall9.fw.orig b/test/pix/firewall9.fw.orig
index 682b27ece..71db6f62a 100755
--- a/test/pix/firewall9.fw.orig
+++ b/test/pix/firewall9.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:41 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:18 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall90.fw.orig b/test/pix/firewall90.fw.orig
index 976bf8ac6..4555f9ed6 100755
--- a/test/pix/firewall90.fw.orig
+++ b/test/pix/firewall90.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:42 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:19 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@@ -148,48 +148,108 @@ quit
 object service squid
   service tcp destination eq 3128
 quit
+object service smtps
+  service tcp destination eq 465
+quit
+object network spamhost2
+  host 61.150.47.113
+quit
 
 object network firewall90:FastEthernet1:ip-1
   host 22.22.22.23
 quit
+object network firewall90:FastEthernet1:ip
+  host 22.22.22.22
+quit
+object network external_gw2
+  host 22.22.22.100
+quit
+object network ext_subnet
+  subnet 22.22.22.128 255.255.255.224
+quit
+object network outside_range-1
+  range 22.22.22.30 22.22.22.40
+quit
 
 object-group network outside.id130599X29063.tsrc.net.0
- network-object  host 22.22.22.21 
- network-object  host 22.22.22.22 
- network-object  host 22.22.22.100 
+ network-object object outside_range
+ network-object object firewall90:FastEthernet1:ip
+ network-object object external_gw2
  exit
 
 
 object-group network outside.id20720X27505.tsrc.net.0
- network-object  host 22.22.22.21 
- network-object  host 22.22.22.100 
+ network-object object outside_range
+ network-object object external_gw2
  exit
 
 
 object-group network outside.id241772X29764.tsrc.net.0
- network-object  host 22.22.22.21 
- exit
-
-
-object-group network outside.id643024X27990.tsrc.net.0
- network-object  host 22.22.22.30 
- network-object  host 22.22.22.100 
+ network-object object outside_range
  exit
 
 
 object-group network outside.id643092X27990.tsrc.net.0
- network-object 22.22.22.128 255.255.255.224 
+ network-object object ext_subnet
  exit
 
 
 object-group network outside.id21121X3710.tsrc.net.0
- network-object  host 22.22.22.30 
- network-object  host 22.22.22.100 
+ network-object object outside_range-1
+ network-object object external_gw2
  exit
 
 
 object-group network outside.id21177X3720.tsrc.net.0
- network-object 22.22.22.128 255.255.255.224 
+ network-object object ext_subnet
+ exit
+
+
+object-group network outside.id77971X5929.tsrc.net.0
+ network-object object outside_range-1
+ network-object object external_gw2
+ exit
+
+
+object-group network outside.id77971X5929.tsrc.net.1
+ network-object object outside_range-1
+ network-object object external_gw2
+ exit
+
+
+object-group network outside.id77971X5929.tsrc.net.2
+ network-object object outside_range-1
+ network-object object external_gw2
+ exit
+
+
+object-group network outside.id77971X5929.tsrc.net.3
+ network-object object outside_range-1
+ network-object object external_gw2
+ exit
+
+
+object-group network outside.id77971X5929.tsrc.net.4
+ network-object object outside_range-1
+ network-object object external_gw2
+ exit
+
+
+object-group network outside.id77971X5929.tsrc.net.5
+ network-object object outside_range-1
+ network-object object external_gw2
+ exit
+
+
+object-group network outside.id77971X5929.tsrc.net.6
+ network-object object outside_range-1
+ network-object object external_gw2
+ exit
+
+
+object-group network outside.id77971X5929.tsrc.net.7
+ network-object object outside_range-1
+ network-object object external_gw2
  exit
 
 ! 
@@ -226,7 +286,7 @@ nat (inside,outside) source dynamic hostA:eth0 outside.id241772X29764.tsrc.net.0
 ! 
 ! Rule  9 (NAT)
 ! For #1907
-nat (inside,outside) source dynamic hostA:eth0 outside.id643024X27990.tsrc.net.0 interface service smtp smtp
+nat (inside,outside) source static hostA:eth0 hostA:eth0 service smtp smtp
 ! 
 ! Rule  10 (NAT)
 ! For #1907
@@ -287,6 +347,17 @@ nat (inside,outside) source static internal_subnet_1 firewall90:FastEthernet1:ip
 ! 
 ! Rule  21 (NAT)
 nat (outside,inside) source static any any destination static interface hostA:eth0 service http squid
+! 
+! Rule  22 (NAT)
+! multiple objects in OSrc, ODst, OSrv and TSrc in various combinations
+nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.0 interface destination static spamhost1 spamhost1 service smtp smtp
+nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.1 interface destination static spamhost1 spamhost1 service smtps smtps
+nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.2 interface destination static spamhost2 spamhost2 service smtp smtp
+nat (inside,outside) source dynamic internal_subnet_1 outside.id77971X5929.tsrc.net.3 interface destination static spamhost2 spamhost2 service smtps smtps
+nat (inside,outside) source dynamic internal_subnet_2 outside.id77971X5929.tsrc.net.4 interface destination static spamhost1 spamhost1 service smtp smtp
+nat (inside,outside) source dynamic internal_subnet_2 outside.id77971X5929.tsrc.net.5 interface destination static spamhost1 spamhost1 service smtps smtps
+nat (inside,outside) source dynamic internal_subnet_2 outside.id77971X5929.tsrc.net.6 interface destination static spamhost2 spamhost2 service smtp smtp
+nat (inside,outside) source dynamic internal_subnet_2 outside.id77971X5929.tsrc.net.7 interface destination static spamhost2 spamhost2 service smtps smtps
 
 
 
diff --git a/test/pix/firewall91.fw.orig b/test/pix/firewall91.fw.orig
index e060c705b..ad9f579ff 100755
--- a/test/pix/firewall91.fw.orig
+++ b/test/pix/firewall91.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:42 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:19 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig
index dd282421e..f09e65516 100755
--- a/test/pix/firewall92.fw.orig
+++ b/test/pix/firewall92.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:43 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:20 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/fwsm1.fw.orig b/test/pix/fwsm1.fw.orig
index 56f84ba23..ef82949dd 100755
--- a/test/pix/fwsm1.fw.orig
+++ b/test/pix/fwsm1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:44 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:21 2011 PST by vadim
 !
 ! Compiled for fwsm 2.3
 ! Outbound ACLs: supported
diff --git a/test/pix/fwsm2.fw.orig b/test/pix/fwsm2.fw.orig
index 9ca09e09f..37e7b7132 100755
--- a/test/pix/fwsm2.fw.orig
+++ b/test/pix/fwsm2.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:45 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:22 2011 PST by vadim
 !
 ! Compiled for fwsm 4.x
 ! Outbound ACLs: supported
diff --git a/test/pix/objects-for-regression-tests.fwb b/test/pix/objects-for-regression-tests.fwb
index 477dce057..0e4b8b02a 100644
--- a/test/pix/objects-for-regression-tests.fwb
+++ b/test/pix/objects-for-regression-tests.fwb
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1294882163" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1294948692" id="root">
   <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
     <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@@ -442,12 +442,13 @@
         <DNSName id="id4387287A18346" dnsrec="www.google.com" dnsrectype="A" run_time="True" name="google (rt)" comment="" ro="False"/>
       </ObjectGroup>
       <ObjectGroup id="stdid16_1" name="Addresses" comment="" ro="False">
-        <IPv4 id="id4388C37D674" name="spamhost1" comment="" ro="False" address="61.150.47.112" netmask="255.255.255.255"/>
+        <IPv4 id="id4388C37D674" name="spamhost1" comment="" ro="False" address="61.150.47.112" netmask="0.0.0.0"/>
         <IPv4 id="id16325X21455" name="internal gw" comment="" ro="False" address="10.3.14.254" netmask="0.0.0.0"/>
         <IPv4 id="id23261X67574" name="external gw 1" comment="" ro="False" address="22.22.22.254" netmask="0.0.0.0"/>
         <IPv4 id="id23284X67574" name="internal gw 2" comment="" ro="False" address="192.168.1.254" netmask="0.0.0.0"/>
         <IPv4 id="id23297X67574" name="external gw2" comment="" ro="False" address="22.22.22.100" netmask="0.0.0.0"/>
         <IPv4 id="id30235X67574" name="internal gw1" comment="" ro="False" address="192.168.1.254" netmask="0.0.0.0"/>
+        <IPv4 id="id78038X5929" name="spamhost2" comment="" ro="False" address="61.150.47.113" netmask="0.0.0.0"/>
       </ObjectGroup>
       <ObjectGroup id="stdid04_1" name="Groups" comment="" ro="False">
         <ObjectGroup id="id3D420A09" name="dmz-netzone" comment="" ro="False">
@@ -10546,7 +10547,7 @@ no sysopt nodnsalias outbound
           <Option name="verify_interfaces">False</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id4389EDAE18346" host_OS="pix_os" inactive="False" lastCompiled="1147840988" lastInstalled="1142003872" lastModified="1263600473" platform="pix" version="6.3" name="firewall34" comment="testing AddressTable object" ro="False">
+      <Firewall id="id4389EDAE18346" host_OS="pix_os" inactive="False" lastCompiled="1147840988" lastInstalled="1142003872" lastModified="1294948707" platform="pix" version="6.3" name="firewall34" comment="testing AddressTable object" ro="False">
         <NAT id="id4389EE4818346" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id4389EEB018346" disabled="True" position="0" action="Translate" comment="">
             <OSrc neg="True">
@@ -18239,7 +18240,7 @@ no sysopt nodnsalias outbound
           <Option name="xlate_ss">0</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294943249" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
+      <Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294948743" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
         <NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
             <OSrc neg="False">
@@ -18457,7 +18458,7 @@ no sysopt nodnsalias outbound
               <ServiceRef ref="tcp-SMTP"/>
             </OSrv>
             <TSrc neg="False">
-              <ObjectRef ref="id21078X3710"/>
+              <ObjectRef ref="sysid0"/>
             </TSrc>
             <TDst neg="False">
               <ObjectRef ref="sysid0"/>
@@ -18778,6 +18779,32 @@ no sysopt nodnsalias outbound
               <Option name="color">#7694C0</Option>
             </NATRuleOptions>
           </NATRule>
+          <NATRule id="id77971X5929" disabled="False" group="" position="22" action="Translate" comment="multiple objects in OSrc, ODst, OSrv and TSrc in various combinations&#10;">
+            <OSrc neg="False">
+              <ObjectRef ref="id178241X29963"/>
+              <ObjectRef ref="id178250X29963"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="id4388C37D674"/>
+              <ObjectRef ref="id78038X5929"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="tcp-SMTP"/>
+              <ServiceRef ref="id3B4FF04C"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="id21078X3710"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions>
+              <Option name="color">#C0C0C0</Option>
+            </NATRuleOptions>
+          </NATRule>
           <RuleSetOptions/>
         </NAT>
         <Policy id="id19857X26146" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
@@ -19415,7 +19442,7 @@ no sysopt nodnsalias outbound
           <Option name="xlate_ss">0</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id20320X6113" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294446808" platform="pix" version="8.3" name="firewall92" comment="testing new style ASA 8.3 nat commands&#10;no-nat rules (&quot;identity nat&quot;)&#10;&#10;" ro="False">
+      <Firewall id="id20320X6113" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294948707" platform="pix" version="8.3" name="firewall92" comment="testing new style ASA 8.3 nat commands&#10;no-nat rules (&quot;identity nat&quot;)&#10;&#10;" ro="False">
         <NAT id="id20354X6113" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id20818X6113" disabled="False" group="" position="0" action="Translate" comment="">
             <OSrc neg="False">
diff --git a/test/pix/pix515.fw.orig b/test/pix/pix515.fw.orig
index 53fe7bbe0..f89b6a961 100755
--- a/test/pix/pix515.fw.orig
+++ b/test/pix/pix515.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:46 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:23 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/real.fw.orig b/test/pix/real.fw.orig
index 7926067d8..3126478b0 100755
--- a/test/pix/real.fw.orig
+++ b/test/pix/real.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3430
 !
-!  Generated Thu Jan 13 10:33:47 2011 PST by vadim
+!  Generated Thu Jan 13 12:44:24 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported