From e2c2725e6b9ce9feb11b3fed4b63a85f6ec29c2f Mon Sep 17 00:00:00 2001
From: Vadim Kurland <vadim@slot.vk.crocodile.org>
Date: Sun, 16 Jan 2011 20:19:43 -0800
Subject: [PATCH] see #1941 ASA NAT - compiler complains about range in
 original destination

---
 doc/ChangeLog                             |  5 ++
 src/cisco_lib/NATCompiler_pix.cpp         | 20 +++---
 test/pix/cluster1-1_pix1.fw.orig          |  4 +-
 test/pix/cluster1-1_pix2.fw.orig          |  4 +-
 test/pix/cluster1_pix1.fw.orig            |  4 +-
 test/pix/cluster1_pix2.fw.orig            |  4 +-
 test/pix/firewall.fw.orig                 |  4 +-
 test/pix/firewall1.fw.orig                |  4 +-
 test/pix/firewall10.fw.orig               |  4 +-
 test/pix/firewall11.fw.orig               |  4 +-
 test/pix/firewall12.fw.orig               |  4 +-
 test/pix/firewall13.fw.orig               |  4 +-
 test/pix/firewall14.fw.orig               |  4 +-
 test/pix/firewall2.fw.orig                |  4 +-
 test/pix/firewall20.fw.orig               |  4 +-
 test/pix/firewall21-1.fw.orig             |  4 +-
 test/pix/firewall21.fw.orig               |  4 +-
 test/pix/firewall22.fw.orig               |  4 +-
 test/pix/firewall3.fw.orig                |  4 +-
 test/pix/firewall33.fw.orig               |  4 +-
 test/pix/firewall34.fw.orig               |  4 +-
 test/pix/firewall4.fw.orig                |  4 +-
 test/pix/firewall50.fw.orig               |  4 +-
 test/pix/firewall6.fw.orig                |  4 +-
 test/pix/firewall8.fw.orig                |  4 +-
 test/pix/firewall80.fw.orig               |  4 +-
 test/pix/firewall81.fw.orig               |  4 +-
 test/pix/firewall82.fw.orig               |  4 +-
 test/pix/firewall83.fw.orig               |  4 +-
 test/pix/firewall9.fw.orig                |  4 +-
 test/pix/firewall90.fw.orig               |  4 +-
 test/pix/firewall91.fw.orig               | 31 +++++++--
 test/pix/firewall92.fw.orig               |  4 +-
 test/pix/fwsm1.fw.orig                    |  4 +-
 test/pix/fwsm2.fw.orig                    |  4 +-
 test/pix/objects-for-regression-tests.fwb | 79 +++++++++++++++++++++--
 test/pix/pix515.fw.orig                   |  4 +-
 test/pix/real.fw.orig                     |  4 +-
 38 files changed, 184 insertions(+), 87 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 3c1ccd5c0..0acbde04c 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,5 +1,10 @@
 2011-01-16  vadim  <vadim@netcitadel.com>
 
+	* NATCompiler_pix.cpp (processNext): see #1941 "ASA NAT - compiler
+	complains about range in original destination". NAT rules
+	translating destination allow Address Range objects in ODst or TDst
+	for ASA 8.3
+
 	* NamedObject.cpp (NamedObject): see #1940 "ASA NAT - fwbuilder
 	host objects interface ip is reserved keyword". Added list of
 	reserved words used in IOS and ASA software to make sure generated
diff --git a/src/cisco_lib/NATCompiler_pix.cpp b/src/cisco_lib/NATCompiler_pix.cpp
index c7a46b0da..b270ed93f 100644
--- a/src/cisco_lib/NATCompiler_pix.cpp
+++ b/src/cisco_lib/NATCompiler_pix.cpp
@@ -316,7 +316,7 @@ bool NATCompiler_pix::storeProcessedRules::processNext()
 bool NATCompiler_pix::VerifyRules::processNext()
 {
     NATRule *rule=getNext(); if (rule==NULL) return false;
-    string vers=compiler->fw->getStr("version");
+    string version = compiler->fw->getStr("version");
 
     if (rule->getRuleType()==NATRule::SDNAT) 
     {
@@ -326,9 +326,9 @@ bool NATCompiler_pix::VerifyRules::processNext()
         return true;
     }
 
-    bool  version_lt_63= ( compiler->fw->getStr("platform")=="pix" &&
-                           libfwbuilder::XMLTools::version_compare(compiler->fw->getStr("version"),"6.3")<0);  // fwsm is always above 6.3 - its OS is based on 6.3
-
+    bool  version_lt_63= (
+        compiler->fw->getStr("platform")=="pix" &&
+        libfwbuilder::XMLTools::version_compare(version, "6.3")<0);  // fwsm is always above 6.3 - its OS is based on 6.3
 
     RuleElementOSrc  *osrc=rule->getOSrc();  assert(osrc);
     RuleElementODst  *odst=rule->getODst();  assert(odst);
@@ -536,12 +536,12 @@ bool NATCompiler_pix::verifyRuleElements::processNext()
     Address  *tdst=compiler->getFirstTDst(rule);  assert(tdst);
     Service  *tsrv=compiler->getFirstTSrv(rule);  assert(tsrv);
 
-    bool version_lt_63 = libfwbuilder::XMLTools::version_compare(
-        compiler->fw->getStr("version"),"6.3")<0;
+    string version = compiler->fw->getStr("version");
 
     if (rule->getRuleType()==NATRule::SNAT)
     {
-	if ((! osrv->isAny() || ! tsrv->isAny()) && version_lt_63)
+	if ((! osrv->isAny() || ! tsrv->isAny()) &&
+            libfwbuilder::XMLTools::version_compare(version, "6.3")<0)
         {
 	    compiler->abort(
                     rule, 
@@ -552,7 +552,8 @@ bool NATCompiler_pix::verifyRuleElements::processNext()
 
     if (rule->getRuleType()==NATRule::DNAT)
     {
-	if (AddressRange::cast(odst) || AddressRange::cast(tdst)) 
+	if ((AddressRange::cast(odst) || AddressRange::cast(tdst)) &&
+            libfwbuilder::XMLTools::version_compare(version, "8.3")<0)
         {
 	    compiler->abort(
                     rule, 
@@ -925,6 +926,7 @@ bool NATCompiler_pix::createNATCmd::processNext()
 //    Helper helper(compiler);
     NATCompiler_pix *pix_comp = dynamic_cast<NATCompiler_pix*>(compiler);
     NATRule *rule = getNext(); if (rule==NULL) return false;
+    string version = compiler->fw->getStr("version");
 
     bool cluster_member = compiler->fw->getOptionsObject()->getBool("cluster_member");
     Cluster *cluster = NULL;
@@ -981,7 +983,7 @@ bool NATCompiler_pix::createNATCmd::processNext()
             ( natcmd->o_iface->getSecurityLevel() < natcmd->t_iface->getSecurityLevel());
 
         if (natcmd->outside && compiler->fw->getStr("platform")=="pix" &&
-            libfwbuilder::XMLTools::version_compare(compiler->fw->getStr("version"),"6.2")<0 )
+            libfwbuilder::XMLTools::version_compare(version, "6.2")<0 )
         {
             compiler->abort(
                     rule, 
diff --git a/test/pix/cluster1-1_pix1.fw.orig b/test/pix/cluster1-1_pix1.fw.orig
index de934761a..908446e80 100755
--- a/test/pix/cluster1-1_pix1.fw.orig
+++ b/test/pix/cluster1-1_pix1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:36 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:12 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1-1_pix2.fw.orig b/test/pix/cluster1-1_pix2.fw.orig
index 38afc2692..ecd879143 100755
--- a/test/pix/cluster1-1_pix2.fw.orig
+++ b/test/pix/cluster1-1_pix2.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:36 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:12 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1_pix1.fw.orig b/test/pix/cluster1_pix1.fw.orig
index 174a54f94..21925c39f 100755
--- a/test/pix/cluster1_pix1.fw.orig
+++ b/test/pix/cluster1_pix1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:36 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:12 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/cluster1_pix2.fw.orig b/test/pix/cluster1_pix2.fw.orig
index e54555041..9bf74ca1d 100755
--- a/test/pix/cluster1_pix2.fw.orig
+++ b/test/pix/cluster1_pix2.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:36 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:12 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall.fw.orig b/test/pix/firewall.fw.orig
index 02a217b41..c100d1bea 100755
--- a/test/pix/firewall.fw.orig
+++ b/test/pix/firewall.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:11 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:47 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall1.fw.orig b/test/pix/firewall1.fw.orig
index 85e52ead6..78535d0af 100755
--- a/test/pix/firewall1.fw.orig
+++ b/test/pix/firewall1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:12 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:48 2011 PST by vadim
 !
 ! Compiled for pix 6.1
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall10.fw.orig b/test/pix/firewall10.fw.orig
index 5aee26c25..9dedff81a 100755
--- a/test/pix/firewall10.fw.orig
+++ b/test/pix/firewall10.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:13 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:49 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall11.fw.orig b/test/pix/firewall11.fw.orig
index 087b50848..89a2e47e9 100755
--- a/test/pix/firewall11.fw.orig
+++ b/test/pix/firewall11.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:13 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:50 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall12.fw.orig b/test/pix/firewall12.fw.orig
index b5412d71b..8ffdb2faf 100755
--- a/test/pix/firewall12.fw.orig
+++ b/test/pix/firewall12.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:14 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:50 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall13.fw.orig b/test/pix/firewall13.fw.orig
index 15a9d4409..12b93c344 100755
--- a/test/pix/firewall13.fw.orig
+++ b/test/pix/firewall13.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:15 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:51 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall14.fw.orig b/test/pix/firewall14.fw.orig
index 92732b000..c347fe821 100755
--- a/test/pix/firewall14.fw.orig
+++ b/test/pix/firewall14.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:15 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:52 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall2.fw.orig b/test/pix/firewall2.fw.orig
index d3d0d520a..ef184c3fe 100755
--- a/test/pix/firewall2.fw.orig
+++ b/test/pix/firewall2.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:16 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:52 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall20.fw.orig b/test/pix/firewall20.fw.orig
index e6e5de825..26f0a600c 100755
--- a/test/pix/firewall20.fw.orig
+++ b/test/pix/firewall20.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:17 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:53 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall21-1.fw.orig b/test/pix/firewall21-1.fw.orig
index e212d1fce..efb9cc29c 100755
--- a/test/pix/firewall21-1.fw.orig
+++ b/test/pix/firewall21-1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:18 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:54 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall21.fw.orig b/test/pix/firewall21.fw.orig
index 81e6ad961..0589886ac 100755
--- a/test/pix/firewall21.fw.orig
+++ b/test/pix/firewall21.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:18 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:54 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall22.fw.orig b/test/pix/firewall22.fw.orig
index 4d77926cb..b5c6025b4 100755
--- a/test/pix/firewall22.fw.orig
+++ b/test/pix/firewall22.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:19 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:55 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall3.fw.orig b/test/pix/firewall3.fw.orig
index b5312c756..ad08ec32c 100755
--- a/test/pix/firewall3.fw.orig
+++ b/test/pix/firewall3.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:20 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:56 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall33.fw.orig b/test/pix/firewall33.fw.orig
index 5e7758340..8401784fb 100755
--- a/test/pix/firewall33.fw.orig
+++ b/test/pix/firewall33.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:21 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:57 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall34.fw.orig b/test/pix/firewall34.fw.orig
index 05f1adf99..634fe56a2 100755
--- a/test/pix/firewall34.fw.orig
+++ b/test/pix/firewall34.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:22 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:58 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall4.fw.orig b/test/pix/firewall4.fw.orig
index bdd21ba03..5013e01b8 100755
--- a/test/pix/firewall4.fw.orig
+++ b/test/pix/firewall4.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:22 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:58 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall50.fw.orig b/test/pix/firewall50.fw.orig
index 54a7612a1..2844fe526 100755
--- a/test/pix/firewall50.fw.orig
+++ b/test/pix/firewall50.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:23 2011 PST by vadim
+!  Generated Sun Jan 16 20:17:59 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall6.fw.orig b/test/pix/firewall6.fw.orig
index a6fdd70dd..bfae28bbe 100755
--- a/test/pix/firewall6.fw.orig
+++ b/test/pix/firewall6.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:24 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:00 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall8.fw.orig b/test/pix/firewall8.fw.orig
index c2b6a03ac..e7ee2867b 100755
--- a/test/pix/firewall8.fw.orig
+++ b/test/pix/firewall8.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:25 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:01 2011 PST by vadim
 !
 ! Compiled for pix 6.2
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall80.fw.orig b/test/pix/firewall80.fw.orig
index a104c71cc..b0483fe08 100755
--- a/test/pix/firewall80.fw.orig
+++ b/test/pix/firewall80.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:25 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:02 2011 PST by vadim
 !
 ! Compiled for pix 8.2
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall81.fw.orig b/test/pix/firewall81.fw.orig
index 24cc1854a..d0dcbd1b1 100755
--- a/test/pix/firewall81.fw.orig
+++ b/test/pix/firewall81.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:26 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:02 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall82.fw.orig b/test/pix/firewall82.fw.orig
index 19518701e..671f97046 100755
--- a/test/pix/firewall82.fw.orig
+++ b/test/pix/firewall82.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:27 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:03 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall83.fw.orig b/test/pix/firewall83.fw.orig
index 755d53384..399c06773 100755
--- a/test/pix/firewall83.fw.orig
+++ b/test/pix/firewall83.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:27 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:04 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall9.fw.orig b/test/pix/firewall9.fw.orig
index 4ef2d2ccc..4fd4c854d 100755
--- a/test/pix/firewall9.fw.orig
+++ b/test/pix/firewall9.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:28 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:04 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported
diff --git a/test/pix/firewall90.fw.orig b/test/pix/firewall90.fw.orig
index eb0d7b69c..148745fed 100755
--- a/test/pix/firewall90.fw.orig
+++ b/test/pix/firewall90.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:29 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:05 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/firewall91.fw.orig b/test/pix/firewall91.fw.orig
index 9f92053cf..eb73a541c 100755
--- a/test/pix/firewall91.fw.orig
+++ b/test/pix/firewall91.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:30 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:06 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
@@ -18,10 +18,10 @@
 
 ! N firewall91:NAT:8: error: Can not translate multiple services into one service in one rule. 
 ! N firewall91:NAT:9: error: Translated service should be 'Original' or should contain single object.
-! N firewall91:NAT:10: error: Oiginal destination can not be "any" in rules that translate destination
-! N firewall91:NAT:11: error: Oiginal destination can not be "any" in rules that translate destination
-! N firewall91:NAT:12: error: Oiginal destination can not be "any" in rules that translate destination
 ! N firewall91:NAT:13: error: Oiginal destination can not be "any" in rules that translate destination
+! N firewall91:NAT:14: error: Oiginal destination can not be "any" in rules that translate destination
+! N firewall91:NAT:15: error: Oiginal destination can not be "any" in rules that translate destination
+! N firewall91:NAT:16: error: Oiginal destination can not be "any" in rules that translate destination
 
 !
 ! Prolog script:
@@ -125,6 +125,15 @@ quit
 object service https
   service tcp destination eq 443
 quit
+object network outside_range
+  range 22.22.22.21 22.22.22.25
+quit
+object network internal_subnet_1
+  subnet 192.168.1.0 255.255.255.192
+quit
+object network test_range_1
+  range 192.168.1.11 192.168.1.15
+quit
 ! 
 ! Rule  0 (NAT)
 nat (outside,inside) source static any any destination static interface hostA:eth0 description "0 (NAT)"
@@ -149,6 +158,18 @@ nat (outside,inside) source static any any destination static interface hostA:et
 ! 
 ! Rule  7 (NAT)
 nat (outside,inside) source static any any destination static interface hostA:eth0 service http http description "7 (NAT)"
+! 
+! Rule  10 (NAT)
+! for #1941
+nat (outside,inside) source static any any destination static outside_range hostA:eth0 description "10 (NAT)"
+! 
+! Rule  11 (NAT)
+! for #1941
+nat (inside,outside) source dynamic internal_subnet_1 interface destination static outside_range hostA:eth0 description "11 (NAT)"
+! 
+! Rule  12 (NAT)
+! translating one range into another.
+nat (outside,inside) source static any any destination static outside_range test_range_1 description "12 (NAT)"
 
 
 
diff --git a/test/pix/firewall92.fw.orig b/test/pix/firewall92.fw.orig
index 2eb4b01cd..b974c3129 100755
--- a/test/pix/firewall92.fw.orig
+++ b/test/pix/firewall92.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:30 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:06 2011 PST by vadim
 !
 ! Compiled for pix 8.3
 ! Outbound ACLs: supported
diff --git a/test/pix/fwsm1.fw.orig b/test/pix/fwsm1.fw.orig
index 5441a395e..ddbb93c77 100755
--- a/test/pix/fwsm1.fw.orig
+++ b/test/pix/fwsm1.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:31 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:07 2011 PST by vadim
 !
 ! Compiled for fwsm 2.3
 ! Outbound ACLs: supported
diff --git a/test/pix/fwsm2.fw.orig b/test/pix/fwsm2.fw.orig
index 71fc66667..45656f368 100755
--- a/test/pix/fwsm2.fw.orig
+++ b/test/pix/fwsm2.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:32 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:08 2011 PST by vadim
 !
 ! Compiled for fwsm 4.x
 ! Outbound ACLs: supported
diff --git a/test/pix/objects-for-regression-tests.fwb b/test/pix/objects-for-regression-tests.fwb
index 3d8461812..203c1d783 100644
--- a/test/pix/objects-for-regression-tests.fwb
+++ b/test/pix/objects-for-regression-tests.fwb
@@ -19110,7 +19110,7 @@ no sysopt nodnsalias outbound
           <Option name="xlate_ss">0</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id20098X3981" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1295219041" platform="pix" version="8.3" name="firewall91" comment="testing new style ASA 8.3 nat commands&#10;DNAT rules&#10;" ro="False">
+      <Firewall id="id20098X3981" host_OS="pix_os" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1295237857" platform="pix" version="8.3" name="firewall91" comment="testing new style ASA 8.3 nat commands&#10;DNAT rules&#10;" ro="False">
         <NAT id="id20132X3981" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id20285X3981" disabled="False" group="" position="0" action="Translate" comment="">
             <OSrc neg="False">
@@ -19324,7 +19324,76 @@ no sysopt nodnsalias outbound
             </TSrv>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id21329X8588" disabled="False" group="" position="10" action="Translate" comment="for #1927">
+          <NATRule id="id28199X32583" disabled="False" group="" position="10" action="Translate" comment="for #1941&#10;">
+            <OSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="id3D196750"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="host-hostA"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions>
+              <Option name="color">#C0BA44</Option>
+            </NATRuleOptions>
+          </NATRule>
+          <NATRule id="id66679X32583" disabled="False" group="" position="11" action="Translate" comment="for #1941&#10;">
+            <OSrc neg="False">
+              <ObjectRef ref="id178241X29963"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="id3D196750"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="id20111X3981"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="host-hostA"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions>
+              <Option name="color">#C0BA44</Option>
+            </NATRuleOptions>
+          </NATRule>
+          <NATRule id="id136500X1964" disabled="False" group="" position="12" action="Translate" comment="translating one range into another.&#10;">
+            <OSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="id3D196750"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="id3CD8769F"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <NATRuleOptions>
+              <Option name="color">#C0BA44</Option>
+            </NATRuleOptions>
+          </NATRule>
+          <NATRule id="id21329X8588" disabled="False" group="" position="13" action="Translate" comment="for #1927">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -19347,7 +19416,7 @@ no sysopt nodnsalias outbound
               <Option name="color">#C86E6E</Option>
             </NATRuleOptions>
           </NATRule>
-          <NATRule id="id21378X8588" disabled="False" group="" position="11" action="Translate" comment="for #1927">
+          <NATRule id="id21378X8588" disabled="False" group="" position="14" action="Translate" comment="for #1927">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -19370,7 +19439,7 @@ no sysopt nodnsalias outbound
               <Option name="color">#C86E6E</Option>
             </NATRuleOptions>
           </NATRule>
-          <NATRule id="id97464X8588" disabled="False" group="" position="12" action="Translate" comment="for #1927">
+          <NATRule id="id97464X8588" disabled="False" group="" position="15" action="Translate" comment="for #1927">
             <OSrc neg="False">
               <ObjectRef ref="id178241X29963"/>
             </OSrc>
@@ -19393,7 +19462,7 @@ no sysopt nodnsalias outbound
               <Option name="color">#C86E6E</Option>
             </NATRuleOptions>
           </NATRule>
-          <NATRule id="id97410X8588" disabled="False" group="" position="13" action="Translate" comment="for #1927">
+          <NATRule id="id97410X8588" disabled="False" group="" position="16" action="Translate" comment="for #1927">
             <OSrc neg="False">
               <ObjectRef ref="id178241X29963"/>
               <ObjectRef ref="id178250X29963"/>
diff --git a/test/pix/pix515.fw.orig b/test/pix/pix515.fw.orig
index 425b34b9e..bf5a9582b 100755
--- a/test/pix/pix515.fw.orig
+++ b/test/pix/pix515.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:33 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:09 2011 PST by vadim
 !
 ! Compiled for pix 7.0
 ! Outbound ACLs: supported
diff --git a/test/pix/real.fw.orig b/test/pix/real.fw.orig
index ca2690835..48edc1bba 100755
--- a/test/pix/real.fw.orig
+++ b/test/pix/real.fw.orig
@@ -1,9 +1,9 @@
 !
 !  This is automatically generated file. DO NOT MODIFY !
 !
-!  Firewall Builder  fwb_pix v4.2.0.3434
+!  Firewall Builder  fwb_pix v4.2.0.3435
 !
-!  Generated Sun Jan 16 16:41:34 2011 PST by vadim
+!  Generated Sun Jan 16 20:18:10 2011 PST by vadim
 !
 ! Compiled for pix 6.3
 ! Outbound ACLs: not supported