diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1b70cc1a6..630653024 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,5 +1,9 @@
 2011-01-11  vadim  <vadim@netcitadel.com>
 
+	* NATCompiler_asa8_writers.cpp (printSDNAT): refs #1902 "Add NAT
+	rule option "translate dns" for PIX". The option is only available
+	for ASA 8.3 or later.
+
 	* NATCompiler_asa8_writers.cpp (printSDNAT): fixed #1909 "ASA NAT
 	- static nat port translation where service is the same for
 	original service and translated service not generated correctly"
diff --git a/src/cisco_lib/NATCompiler_asa8.cpp b/src/cisco_lib/NATCompiler_asa8.cpp
index 85651fb34..be4e33f74 100644
--- a/src/cisco_lib/NATCompiler_asa8.cpp
+++ b/src/cisco_lib/NATCompiler_asa8.cpp
@@ -64,20 +64,44 @@ NATCompiler_asa8::NATCompiler_asa8(FWObjectDatabase *_db,
 { 
 }
 
+/*
+ * Option "translate dns" can not be used if the rule has "destination"
+ * part.
+ */
+bool NATCompiler_asa8::VerifyValidityOfDNSOption::processNext()
+{
+    NATRule *rule = getNext(); if (rule==NULL) return false;
+    FWOptions *ropt = rule->getOptionsObject();
+
+    if (ropt->getBool("asa8_nat_dns"))
+    {
+        Address *odst = compiler->getFirstODst(rule);  assert(odst);
+        if (!odst->isAny())
+        {
+            compiler->abort(rule,
+                            "Option 'translate dns' can not be used in combination "
+                            "with destination matching or translation");
+        }
+
+        Service  *osrv = compiler->getFirstOSrv(rule);  assert(osrv);
+        if (!osrv->isAny())
+        {
+            compiler->abort(rule,
+                            "Option 'translate dns' can not be used in combination "
+                            "with service matching or translation");
+        }
+
+    }
+
+    tmp_queue.push_back(rule);
+    return true;
+}
+
 bool NATCompiler_asa8::VerifyRules::processNext()
 {
     NATRule *rule = getNext(); if (rule==NULL) return false;
     string version = compiler->fw->getStr("version");
 
-    // if (rule->getRuleType()==NATRule::SDNAT) 
-    // {
-    //     compiler->abort(
-    //         rule, 
-    //         "Rules that translate both source and destination are not supported.");
-    //     return true;
-    // }
-
-
     RuleElementOSrc  *osrc=rule->getOSrc();  assert(osrc);
     RuleElementODst  *odst=rule->getODst();  assert(odst);
     RuleElementOSrv  *osrv=rule->getOSrv();  assert(osrv);
@@ -264,6 +288,8 @@ void NATCompiler_asa8::compile()
              "verify rule elements for static NAT rules"));
     add( new processNONATRules("process NONAT" ));
 
+    add( new VerifyValidityOfDNSOption("Check validity of 'translate dns' option"));
+
 /* REMOVE_OLD_OPTIMIZATIONS
    if (fw->getOptionsObject()->getBool("pix_optimize_default_nat"))
    add (new clearOSrc ("clear OSrc" ));
diff --git a/src/cisco_lib/NATCompiler_asa8.h b/src/cisco_lib/NATCompiler_asa8.h
index f38147f16..a26af37d6 100644
--- a/src/cisco_lib/NATCompiler_asa8.h
+++ b/src/cisco_lib/NATCompiler_asa8.h
@@ -57,7 +57,12 @@ namespace fwcompiler {
         DECLARE_NAT_RULE_PROCESSOR(VerifyRules);
 
         DECLARE_NAT_RULE_PROCESSOR(PrintObjectsForNat);
-            
+
+        /*
+         * Check if "translate dns" option can be used with the rule
+         */
+        DECLARE_NAT_RULE_PROCESSOR(VerifyValidityOfDNSOption);
+
 	/**
 	 * this processor accumulates all rules fed to it by previous
 	 * processors, then prints PIX commands to clear
diff --git a/src/cisco_lib/NATCompiler_asa8_writers.cpp b/src/cisco_lib/NATCompiler_asa8_writers.cpp
index b5e8614ee..8b3041c71 100644
--- a/src/cisco_lib/NATCompiler_asa8_writers.cpp
+++ b/src/cisco_lib/NATCompiler_asa8_writers.cpp
@@ -161,6 +161,8 @@ void NATCompiler_asa8::PrintRule::printSDNAT(NATRule *rule)
     NATCompiler_asa8 *pix_comp = dynamic_cast<NATCompiler_asa8*>(compiler);
     // NATCmd *natcmd = pix_comp->nat_commands[ rule->getInt("nat_cmd") ];
 
+    FWOptions *ropt = rule->getOptionsObject();
+
     QStringList cmd;
 
     Address  *osrc = compiler->getFirstOSrc(rule);  assert(osrc);
@@ -214,6 +216,8 @@ void NATCompiler_asa8::PrintRule::printSDNAT(NATRule *rule)
             cmd << pix_comp->getASA8Object(tsrv)->getCommandWord();
     }
 
+    if (ropt->getBool("asa8_nat_dns")) cmd << "dns";
+
     compiler->output << cmd.join(" ").toStdString() << endl;
 }
 
diff --git a/src/libgui/NATRuleOptionsDialog.cpp b/src/libgui/NATRuleOptionsDialog.cpp
index 6979f50ee..5e0772000 100644
--- a/src/libgui/NATRuleOptionsDialog.cpp
+++ b/src/libgui/NATRuleOptionsDialog.cpp
@@ -71,11 +71,13 @@ void NATRuleOptionsDialog::getHelpName(QString *str)
 
 void NATRuleOptionsDialog::loadFWObject(FWObject *o)
 {
-    obj=o;
+    obj = o;
 
-    FWObject *p=obj;
-    while ( !Firewall::cast(p) ) p=p->getParent();
-    platform=p->getStr("platform").c_str();
+    FWObject *p = obj;
+    while ( !Firewall::cast(p) ) p = p->getParent();
+    platform = p->getStr("platform").c_str();
+
+    string version = p->getStr("version");
 
     Rule      *rule = dynamic_cast<Rule*>(o);
     FWOptions *ropt = rule->getOptionsObject();
@@ -85,10 +87,10 @@ void NATRuleOptionsDialog::loadFWObject(FWObject *o)
     //         .arg(rule->getTypeName().c_str())
     //         .arg(rule->getPosition()));
 
-    int wid=0;
+    int wid = 0;
     if (platform=="ipf")      wid=0;
     if (platform=="ipfw")     wid=0;
-    if (platform=="pix" || platform=="fwsm") wid=0;
+    if (platform=="pix" || platform=="fwsm") wid = 3;
     if (platform=="iptables") wid=1;
     if (platform=="pf")       wid=2;
 
@@ -102,12 +104,12 @@ void NATRuleOptionsDialog::loadFWObject(FWObject *o)
         data.registerOption(m_dialog->ipt_use_snat_instead_of_masq, ropt,
                             "ipt_use_snat_instead_of_masq");
         data.registerOption(m_dialog->ipt_nat_random, ropt, "ipt_nat_random");
-        data.registerOption(m_dialog->ipt_nat_persistent, ropt, "ipt_nat_persistent");
+        data.registerOption(m_dialog->ipt_nat_persistent,ropt,"ipt_nat_persistent");
     }
 
     if (platform=="pf")
     {
-        data.registerOption(m_dialog->pf_pool_type_none, ropt,  "pf_pool_type_none" );
+        data.registerOption(m_dialog->pf_pool_type_none, ropt, "pf_pool_type_none");
         data.registerOption(m_dialog->pf_bitmask       , ropt,  "pf_bitmask" );
         data.registerOption(m_dialog->pf_random        , ropt,  "pf_random" );
         data.registerOption(m_dialog->pf_source_hash   , ropt,  "pf_source_hash" );
@@ -115,7 +117,14 @@ void NATRuleOptionsDialog::loadFWObject(FWObject *o)
         data.registerOption(m_dialog->pf_static_port   , ropt,  "pf_static_port" );
     }
 
-    init=true;
+    if (platform=="pix" || platform=="fwsm")
+    {
+        m_dialog->asa8_nat_dns->setEnabled(
+            libfwbuilder::XMLTools::version_compare(version,"8.3")>=0);
+        data.registerOption(m_dialog->asa8_nat_dns   , ropt,  "asa8_nat_dns" );
+    }
+
+    init = true;
     data.loadAll();
     //apply->setEnabled( false );
     init=false;
diff --git a/src/libgui/natruleoptionsdialog_q.ui b/src/libgui/natruleoptionsdialog_q.ui
index 79d038f22..2a869c91f 100644
--- a/src/libgui/natruleoptionsdialog_q.ui
+++ b/src/libgui/natruleoptionsdialog_q.ui
@@ -23,7 +23,7 @@
       <enum>QFrame::Sunken</enum>
      </property>
      <property name="currentIndex">
-      <number>1</number>
+      <number>3</number>
      </property>
      <widget class="QWidget" name="WStackPage">
       <layout class="QVBoxLayout">
@@ -283,6 +283,36 @@
        </item>
       </layout>
      </widget>
+     <widget class="QWidget" name="ASA8NATRuleOptions">
+      <layout class="QGridLayout" name="gridLayout_3">
+       <property name="margin">
+        <number>12</number>
+       </property>
+       <property name="spacing">
+        <number>12</number>
+       </property>
+       <item row="0" column="0">
+        <widget class="QCheckBox" name="asa8_nat_dns">
+         <property name="text">
+          <string>Make this NAT rule translate DNS replies. You also need to enable DNS inspection in the firewall object advanced settings dialog.</string>
+         </property>
+        </widget>
+       </item>
+       <item row="1" column="0">
+        <spacer name="verticalSpacer_3">
+         <property name="orientation">
+          <enum>Qt::Vertical</enum>
+         </property>
+         <property name="sizeHint" stdset="0">
+          <size>
+           <width>20</width>
+           <height>265</height>
+          </size>
+         </property>
+        </spacer>
+       </item>
+      </layout>
+     </widget>
     </widget>
    </item>
   </layout>
@@ -433,6 +463,22 @@
     </hint>
    </hints>
   </connection>
+  <connection>
+   <sender>asa8_nat_dns</sender>
+   <signal>stateChanged(int)</signal>
+   <receiver>NATRuleOptionsDialog_q</receiver>
+   <slot>changed()</slot>
+   <hints>
+    <hint type="sourcelabel">
+     <x>470</x>
+     <y>32</y>
+    </hint>
+    <hint type="destinationlabel">
+     <x>470</x>
+     <y>172</y>
+    </hint>
+   </hints>
+  </connection>
  </connections>
  <slots>
   <slot>changed()</slot>
diff --git a/src/libgui/platforms.cpp b/src/libgui/platforms.cpp
index 658ce4481..ff1112dbb 100644
--- a/src/libgui/platforms.cpp
+++ b/src/libgui/platforms.cpp
@@ -360,6 +360,11 @@ bool isDefaultNATRuleOptions(FWOptions *opt)
                      ! opt->getBool("pf_round_robin")  &&
                      ! opt->getBool("pf_static_port") ) );
 	}
+
+	if (platform=="pix" || platform=="fwsm")
+        {
+            res = (!opt->getBool("asa8_nat_dns"));
+        }
     }
     return res;
 }
diff --git a/test/pix/cluster1-1_pix1.fw.orig b/test/pix/cluster1-1_pix1.fw.orig
index db687376e..403191ac1 100755
--- a/test/pix/cluster1-1_pix1.fw.orig
+++ b/test/pix/cluster1-1_pix1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:22 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:28 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1-1_pix2.fw.orig b/test/pix/cluster1-1_pix2.fw.orig
index ddb1e2c6d..eda0fc493 100755
--- a/test/pix/cluster1-1_pix2.fw.orig
+++ b/test/pix/cluster1-1_pix2.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:22 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:28 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1_pix1.fw.orig b/test/pix/cluster1_pix1.fw.orig
index 66563540b..82a33ed60 100755
--- a/test/pix/cluster1_pix1.fw.orig
+++ b/test/pix/cluster1_pix1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:21 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:28 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1_pix2.fw.orig b/test/pix/cluster1_pix2.fw.orig
index 795597909..3ad67a9d2 100755
--- a/test/pix/cluster1_pix2.fw.orig
+++ b/test/pix/cluster1_pix2.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:21 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:28 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall.fw.orig b/test/pix/firewall.fw.orig
index 831d21ba8..15ce5b671 100755
--- a/test/pix/firewall.fw.orig
+++ b/test/pix/firewall.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:25:58 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:04 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall1.fw.orig b/test/pix/firewall1.fw.orig
index 0755c99c6..d40ae6413 100755
--- a/test/pix/firewall1.fw.orig
+++ b/test/pix/firewall1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:25:58 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:05 2011 PST by vadim
 !
 ! Compiled for pix 6.1
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall10.fw.orig b/test/pix/firewall10.fw.orig
index 3f6c44729..c97947b8e 100755
--- a/test/pix/firewall10.fw.orig
+++ b/test/pix/firewall10.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:25:59 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:05 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall11.fw.orig b/test/pix/firewall11.fw.orig
index 33b61738f..ceef7419d 100755
--- a/test/pix/firewall11.fw.orig
+++ b/test/pix/firewall11.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:00 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:06 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall12.fw.orig b/test/pix/firewall12.fw.orig
index 42a02f0c7..74adb9c0a 100755
--- a/test/pix/firewall12.fw.orig
+++ b/test/pix/firewall12.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:01 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:07 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall13.fw.orig b/test/pix/firewall13.fw.orig
index 617fdae02..69c7a393e 100755
--- a/test/pix/firewall13.fw.orig
+++ b/test/pix/firewall13.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:01 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:07 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall14.fw.orig b/test/pix/firewall14.fw.orig
index 5424a0d25..8c7646b3d 100755
--- a/test/pix/firewall14.fw.orig
+++ b/test/pix/firewall14.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:02 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:08 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall2.fw.orig b/test/pix/firewall2.fw.orig
index 2c687395c..8fa3cbef8 100755
--- a/test/pix/firewall2.fw.orig
+++ b/test/pix/firewall2.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:03 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:09 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall20.fw.orig b/test/pix/firewall20.fw.orig
index 0bd53f1e5..125d8f5de 100755
--- a/test/pix/firewall20.fw.orig
+++ b/test/pix/firewall20.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:03 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:09 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall21-1.fw.orig b/test/pix/firewall21-1.fw.orig
index 11720c83d..041dd871e 100755
--- a/test/pix/firewall21-1.fw.orig
+++ b/test/pix/firewall21-1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:05 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:11 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall21.fw.orig b/test/pix/firewall21.fw.orig
index 6ee8faf9e..5d7a6f6ec 100755
--- a/test/pix/firewall21.fw.orig
+++ b/test/pix/firewall21.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:04 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:10 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall22.fw.orig b/test/pix/firewall22.fw.orig
index 632b4afb9..04b50c07d 100755
--- a/test/pix/firewall22.fw.orig
+++ b/test/pix/firewall22.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:05 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:11 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall3.fw.orig b/test/pix/firewall3.fw.orig
index 6ec190f91..d3c6da4ba 100755
--- a/test/pix/firewall3.fw.orig
+++ b/test/pix/firewall3.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:06 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:12 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall33.fw.orig b/test/pix/firewall33.fw.orig
index 8f549448a..8d84592e8 100755
--- a/test/pix/firewall33.fw.orig
+++ b/test/pix/firewall33.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:07 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:13 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall34.fw.orig b/test/pix/firewall34.fw.orig
index 8cf183219..025a30867 100755
--- a/test/pix/firewall34.fw.orig
+++ b/test/pix/firewall34.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:08 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:14 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall4.fw.orig b/test/pix/firewall4.fw.orig
index dcb9fba48..5ad134d15 100755
--- a/test/pix/firewall4.fw.orig
+++ b/test/pix/firewall4.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:08 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:15 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall50.fw.orig b/test/pix/firewall50.fw.orig
index b9b777ca3..36fa70ff9 100755
--- a/test/pix/firewall50.fw.orig
+++ b/test/pix/firewall50.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:09 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:16 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall6.fw.orig b/test/pix/firewall6.fw.orig
index a12d41ccb..79549dba3 100755
--- a/test/pix/firewall6.fw.orig
+++ b/test/pix/firewall6.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:10 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:16 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall8.fw.orig b/test/pix/firewall8.fw.orig
index 23fe3db8c..5f86a7cdd 100755
--- a/test/pix/firewall8.fw.orig
+++ b/test/pix/firewall8.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:11 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:17 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall80.fw.orig b/test/pix/firewall80.fw.orig
index c68337495..ca9bca178 100755
--- a/test/pix/firewall80.fw.orig
+++ b/test/pix/firewall80.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:11 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:18 2011 PST by vadim
 !
 ! Compiled for pix 8.2
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall81.fw.orig b/test/pix/firewall81.fw.orig
index 30eee4282..dff1ea1ca 100755
--- a/test/pix/firewall81.fw.orig
+++ b/test/pix/firewall81.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:12 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:19 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall82.fw.orig b/test/pix/firewall82.fw.orig
index 8388e8681..7105e8e4c 100755
--- a/test/pix/firewall82.fw.orig
+++ b/test/pix/firewall82.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:13 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:19 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall83.fw.orig b/test/pix/firewall83.fw.orig
index 3337cf51c..6cb7700f4 100755
--- a/test/pix/firewall83.fw.orig
+++ b/test/pix/firewall83.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:13 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:20 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall9.fw.orig b/test/pix/firewall9.fw.orig
index baec182e2..790853846 100755
--- a/test/pix/firewall9.fw.orig
+++ b/test/pix/firewall9.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:14 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:21 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall90.fw.orig b/test/pix/firewall90.fw.orig
index 013419246..3fcd1b3d1 100755
--- a/test/pix/firewall90.fw.orig
+++ b/test/pix/firewall90.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:15 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:21 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@@ -16,7 +16,8 @@
 ! testing new style ASA 8.3 nat commands
 ! SNAT rules
 
-
+! N firewall90:NAT:10: error: Option 'translate dns' can not be used in combination with destination matching or translation
+! N firewall90:NAT:11: error: Option 'translate dns' can not be used in combination with service matching or translation
 
 !
 ! Prolog script:
@@ -180,6 +181,22 @@ nat (inside,outside) source dynamic hostA:eth0 external_gw2 service smtp smtp
 ! For #1907
 nat (inside,outside) source dynamic hostA:eth0 outside_range service smtp smtp
 nat (inside,outside) source dynamic hostA:eth0 interface service smtp smtp
+! 
+! Rule  9 (NAT)
+! for #1902
+nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 dns
+! 
+! Rule  10 (NAT)
+! for #1902
+! can't use dns with destination matching or translation
+! firewall90:NAT:10: error: Option 'translate dns' can not be used in combination with destination matching or translation
+nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 destination static spamhost1 spamhost1 dns
+! 
+! Rule  11 (NAT)
+! for #1902
+! cant use dns with service translation either
+! firewall90:NAT:11: error: Option 'translate dns' can not be used in combination with service matching or translation
+nat (inside,outside) source dynamic internal_subnet_1 firewall90:FastEthernet1:ip-1 service smtp smtp dns
 
 
 
diff --git a/test/pix/firewall91.fw.orig b/test/pix/firewall91.fw.orig
index ec4039127..60c031c5d 100755
--- a/test/pix/firewall91.fw.orig
+++ b/test/pix/firewall91.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:15 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:22 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig
index 4ad2ec9d3..132880990 100755
--- a/test/pix/firewall92.fw.orig
+++ b/test/pix/firewall92.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:16 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:23 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/fwsm1.fw.orig b/test/pix/fwsm1.fw.orig
index 76f9675cb..412eff399 100755
--- a/test/pix/fwsm1.fw.orig
+++ b/test/pix/fwsm1.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:17 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:23 2011 PST by vadim
 !
 ! Compiled for fwsm 2.3
 ! Outbound ACLs: supported
diff --git a/test/pix/fwsm2.fw.orig b/test/pix/fwsm2.fw.orig
index 58f8ded4c..0ad1b80a6 100755
--- a/test/pix/fwsm2.fw.orig
+++ b/test/pix/fwsm2.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:18 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:24 2011 PST by vadim
 !
 ! Compiled for fwsm 4.x
 ! Outbound ACLs: supported
diff --git a/test/pix/objects-for-regression-tests.fwb b/test/pix/objects-for-regression-tests.fwb
index 446b6df59..70ad41c39 100644
--- a/test/pix/objects-for-regression-tests.fwb
+++ b/test/pix/objects-for-regression-tests.fwb
@@ -18228,7 +18228,7 @@ no sysopt nodnsalias outbound
           <Option name="xlate_ss">0</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294770341" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
+      <Firewall id="id19839X26146" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1294771876" platform="pix" version="8.3" name="firewall90" comment="testing new style ASA 8.3 nat commands&#10;SNAT rules&#10;" ro="False">
         <NAT id="id19920X26146" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id19921X26146" disabled="False" position="0" action="Translate" comment="">
             <OSrc neg="False">
@@ -18313,7 +18313,9 @@ no sysopt nodnsalias outbound
             <TSrv neg="False">
               <ServiceRef ref="sysid1"/>
             </TSrv>
-            <NATRuleOptions/>
+            <NATRuleOptions>
+              <Option name="asa8_nat_dns">False</Option>
+            </NATRuleOptions>
           </NATRule>
           <NATRule id="id20069X32406" disabled="False" group="" position="4" action="Translate" comment="">
             <OSrc neg="False">
@@ -18334,7 +18336,9 @@ no sysopt nodnsalias outbound
             <TSrv neg="False">
               <ServiceRef ref="sysid1"/>
             </TSrv>
-            <NATRuleOptions/>
+            <NATRuleOptions>
+              <Option name="asa8_nat_dns">False</Option>
+            </NATRuleOptions>
           </NATRule>
           <NATRule id="id178073X29963" disabled="False" group="" position="5" action="Translate" comment="">
             <OSrc neg="False">
@@ -18431,6 +18435,78 @@ no sysopt nodnsalias outbound
               <Option name="color">#C0BA44</Option>
             </NATRuleOptions>
           </NATRule>
+          <NATRule id="id168272X32146" disabled="False" group="" position="9" action="Translate" comment="for #1902&#10;">
+            <OSrc neg="False">
+              <ObjectRef ref="id178241X29963"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="id20049X29963"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions>
+              <Option name="asa8_nat_dns">True</Option>
+              <Option name="color">#8BC065</Option>
+            </NATRuleOptions>
+          </NATRule>
+          <NATRule id="id168336X32146" disabled="False" group="" position="10" action="Translate" comment="for #1902&#10;can't use dns with destination matching or translation&#10;">
+            <OSrc neg="False">
+              <ObjectRef ref="id178241X29963"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="id4388C37D674"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="id20049X29963"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions>
+              <Option name="asa8_nat_dns">True</Option>
+              <Option name="color">#8BC065</Option>
+            </NATRuleOptions>
+          </NATRule>
+          <NATRule id="id168390X32146" disabled="False" group="" position="11" action="Translate" comment="for #1902&#10;cant use dns with service translation either&#10;">
+            <OSrc neg="False">
+              <ObjectRef ref="id178241X29963"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="tcp-SMTP"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="id20049X29963"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions>
+              <Option name="asa8_nat_dns">True</Option>
+              <Option name="color">#8BC065</Option>
+            </NATRuleOptions>
+          </NATRule>
           <RuleSetOptions/>
         </NAT>
         <Policy id="id19857X26146" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
diff --git a/test/pix/pix515.fw.orig b/test/pix/pix515.fw.orig
index 43277abc0..ffa103b65 100755
--- a/test/pix/pix515.fw.orig
+++ b/test/pix/pix515.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:19 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:25 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/real.fw.orig b/test/pix/real.fw.orig
index 068dd3e55..ff82f54a2 100755
--- a/test/pix/real.fw.orig
+++ b/test/pix/real.fw.orig
@@ -3,7 +3,7 @@
 !
 !  Firewall Builder  fwb_pix v4.2.0.3427
 !
-!  Generated Tue Jan 11 10:26:19 2011 PST by vadim
+!  Generated Tue Jan 11 10:54:26 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported