diff --git a/doc/ChangeLog b/doc/ChangeLog
index 9d65ad6ec..41540eab6 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,5 +1,9 @@
 2011-01-07  vadim  <vadim@netcitadel.com>
 
+	* NATCompiler_pix.cpp (NATCompiler_pix): fixes #1901 "add
+	destructor to NATCompiler_pix and NATCompiler_asa8". This
+	eliminates memory leak.
+
 	* ASA8Object.cpp (ASA8Object): refs #1885 "named network and
 	service objects in pix8". So far, these objects are only used
 	for nat configuration.
diff --git a/src/cisco_lib/NATCompiler_asa8.h b/src/cisco_lib/NATCompiler_asa8.h
index aaf3cec0f..f38147f16 100644
--- a/src/cisco_lib/NATCompiler_asa8.h
+++ b/src/cisco_lib/NATCompiler_asa8.h
@@ -105,7 +105,8 @@ namespace fwcompiler {
                          libfwbuilder::Firewall *fw,
                          bool ipv6_policy,
                          fwcompiler::OSConfigurator *_oscnf);
-
+        virtual ~NATCompiler_asa8();
+        
 	virtual void compile();
 
     };
diff --git a/src/cisco_lib/NATCompiler_asa8_writers.cpp b/src/cisco_lib/NATCompiler_asa8_writers.cpp
index 42c235335..476c9d382 100644
--- a/src/cisco_lib/NATCompiler_asa8_writers.cpp
+++ b/src/cisco_lib/NATCompiler_asa8_writers.cpp
@@ -57,6 +57,16 @@ void NATCompiler_asa8::addASA8Object(const FWObject *obj)
         asa8_object_registry[obj->getId()] = asa8obj;
     }
 }
+
+NATCompiler_asa8::~NATCompiler_asa8()
+{
+    std::map<int, ASA8Object*>::iterator it;
+    for (it=asa8_object_registry.begin(); it!=asa8_object_registry.end(); ++it)
+    {
+        delete it->second;
+    }
+    asa8_object_registry.clear();
+}
         
 ASA8Object* NATCompiler_asa8::getASA8Object(const FWObject *obj)
 {
diff --git a/src/cisco_lib/NATCompiler_pix.cpp b/src/cisco_lib/NATCompiler_pix.cpp
index 4a7ad8e83..c79bec96e 100644
--- a/src/cisco_lib/NATCompiler_pix.cpp
+++ b/src/cisco_lib/NATCompiler_pix.cpp
@@ -73,6 +73,26 @@ NATCompiler_pix::NATCompiler_pix(FWObjectDatabase *_db,
 { 
 }
 
+NATCompiler_pix::~NATCompiler_pix()
+{
+    std::map<int,NATCmd*>::iterator it1;
+    for (it1=nat_commands.begin(); it1!=nat_commands.end(); ++it1)
+    {
+        delete it1->second;
+    }
+    nat_commands.clear();
+
+    std::map<int,StaticCmd*>::iterator it2;
+    for (it2=static_commands.begin(); it2!=static_commands.end(); ++it2)
+    {
+        delete it2->second;
+    }
+    static_commands.clear();
+    nonat_rules.clear();
+    first_nonat_rule_id.clear();
+    if (final_ruleset != NULL) delete final_ruleset;
+
+}
 
 /*
  * Do not expand interfaces in ODst and TSrc
diff --git a/src/cisco_lib/NATCompiler_pix.h b/src/cisco_lib/NATCompiler_pix.h
index 782a8be4c..c579bb4c1 100644
--- a/src/cisco_lib/NATCompiler_pix.h
+++ b/src/cisco_lib/NATCompiler_pix.h
@@ -502,7 +502,8 @@ namespace fwcompiler {
                         libfwbuilder::Firewall *fw,
                         bool ipv6_policy,
                         fwcompiler::OSConfigurator *_oscnf);
-
+        virtual ~NATCompiler_pix();
+        
 	virtual int  prolog();
 	virtual void compile();
 	virtual void epilog();