
Cisco ASA 5510 broke VPN

harkinscisco
Level 1

I just upgraded my Cisco ASA 5510 from 8.2.1 to 8.4.1. Now my VPN is no longer working. I can connect to it, but I can't connect to anything from there. I heard the ASA creates a log from the upgrade to show me what part of the config doesn't carry over. How can I find this log?

3 Replies

Loren Kolnes
Cisco Employee

Hi,

Sounds like there might be an issue with NAT exemption after the upgrade.

Here is a link to the 8.3 migration guide that is still relevant to 8.4

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

The command to see the migration errors is "show startup-config errors".

Let me know if you have any questions.

Thanks,

Loren

Thanks, this is what I found:

INFO: MIGRATION - Saving the startup errors to file 'flash:upgrade_startup_errors_201105041246.log'
Reading from flash...
!!!!
REAL IP MIGRATION: WARNING
In this version access-lists used in 'access-group', 'class-map', 'dynamic-filter classify-list', 'aaa match' will be migrated from using IP address/ports as seen on interface, to their real values.
If an access-list used by these features is shared with per-user ACL then the original access-list has to be recreated.
INFO: Note that identical IP addresses or overlapping IP ranges on different interfaces are not detectable by automated Real IP migration. If your deployment contains such scenarios, please verify your migrated configuration is appropriate for those overlapping addresses/ranges.
Please also refer to the ASA 8.3 migration guide for a complete explanation of the automated migration process.
INFO: MIGRATION - Saving the startup configuration to file
INFO: MIGRATION - Startup configuration saved to file 'flash:8_2_1_0_startup_cfg.sav'
*** Output from config line 4, "ASA Version 8.2(1) "
WARNING: MIGRATION: NAT Exempt command is encountered in config. Static NATs which overlap with NAT Exempt source are not migrated. Please check migrated ACLs for accuracy.
*** Output from config line 272, "access-group outside_acc..."
WARNING: MIGRATION: NAT Exempt command is encountered in config. Static NATs which overlap with NAT Exempt source are not migrated. Please check migrated ACLs for accuracy.
*** Output from config line 273, "access-group inside_acce..."
WARNING: MIGRATION: NAT Exempt command is encountered in config. Static NATs which overlap with NAT Exempt source are not migrated. Please check migrated ACLs for accuracy.
*** Output from config line 274, "access-group DMZ_access_..."
WARNING: This command will not take effect until interface 'management' has been assigned an IPv4 address
*** Output from config line 346, "ssh Corporate 255.255.25..."
WARNING: MIGRATION: NAT Exempt command is encountered in config. Static NATs which overlap with NAT Exempt source are not migrated. Please check migrated ACLs for accuracy.
WARNING: MIGRATION: NAT Exempt command is encountered in config. Static NATs which overlap with NAT Exempt source are not migrated. Please check migrated ACLs for accuracy.
*** Output from config line 448, "service-policy IPS-polic..."
NAT migration logs:
The following 'nat' command didn't have a matching 'global' rule on interface 'DMZ' and was not migrated.
nat (inside) 3 Caesar 255.255.255.255
The following 'nat' command didn't have a matching 'global' rule on interface 'Kerio' and was not migrated.
nat (inside) 3 Caesar 255.255.255.255
The following 'nat' command didn't have a matching 'global' rule on interface 'DMZ' and was not migrated.
nat (inside) 2 Hark-WAN 255.0.0.0
The following 'nat' command didn't have a matching 'global' rule on interface 'Kerio' and was not migrated.
nat (inside) 2 Hark-WAN 255.0.0.0
INFO: NAT migration completed.
Real IP migration logs:
ACL has been migrated to real-ip version

Hi,

Based on that output, some or all of your NAT exemption configuration was not migrated.

Since the migration tool detected overlaps between your static NAT statements and the NAT exemption, some or all of the original NAT exemption commands were not migrated.

Also, can you review the current (8.3) NAT configuration to see if any of the statements have the unidirectional keyword defined.

If you find the unidirectional keyword, you may need to remove it to restore functionality.

For security reasons I would recommend against pasting any of this output in the forum.

Thanks,

Loren
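The following worked example is added here by the editor; it is not configuration from the original thread and not Cisco's own text. It shows the pre-8.3 NAT exemption that the "NAT Exempt command is encountered" warnings above refer to, the 8.3/8.4 twice NAT statement that has to be written by hand when the migration dropped it, the unidirectional keyword mentioned in the reply, and the commands used to check the result. The addresses, object names and the interface name "outside" (192.168.1.0/24 as the inside LAN, 192.168.50.0/24 as the remote-access VPN pool, objects inside-lan, vpn-pool and inside-lan-pat) are assumptions chosen for illustration, not values from the thread.

```cisco
! --- 8.2 and earlier: NAT exemption, the form the migration tool tried to convert ---
! Assumed addressing: 192.168.1.0/24 is the inside LAN, 192.168.50.0/24 the VPN address pool.
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat
! Dynamic PAT for everything else leaving inside. Note the migration only converts a
! "nat (inside) N" line for interfaces that have a matching "global (ifc) N"; the DMZ and
! Kerio entries in the log above had none, which is why they were reported as not migrated.
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface

! --- 8.3 / 8.4: the hand-written equivalent when the exemption was not migrated ---
object network inside-lan
 subnet 192.168.1.0 255.255.255.0
object network vpn-pool
 subnet 192.168.50.0 255.255.255.0
! Identity twice NAT: inside-lan stays inside-lan when the destination is vpn-pool, and the
! rule is matched in both directions. Twice NAT (section 1) is evaluated before object NAT
! (section 2), so without this line VPN traffic falls through to the dynamic PAT below, the
! inside hosts' replies are translated to the outside address and never reach the client.
nat (inside,outside) source static inside-lan inside-lan destination static vpn-pool vpn-pool
! The dynamic PAT, now expressed as object NAT (section 2)
object network inside-lan-pat
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface

! If the migrated statement carries "unidirectional", only inside-to-pool traffic matches it
! and the reverse flow is not exempted; remove the keyword as suggested in the reply above.
no nat (inside,outside) source static inside-lan inside-lan destination static vpn-pool vpn-pool unidirectional
nat (inside,outside) source static inside-lan inside-lan destination static vpn-pool vpn-pool

! --- Verification ---
! Migration errors, the saved error log and the saved 8.2 config (file names taken from the log above)
show startup-config errors
more flash:upgrade_startup_errors_201105041246.log
more flash:8_2_1_0_startup_cfg.sav
! Confirm the identity rule sits in section 1 and counts hits
show nat detail
! Simulate an inside host answering a VPN client; the NAT phase should show the
! identity rule, not the dynamic PAT (192.168.1.10 and 192.168.50.5 are assumed hosts)
packet-tracer input inside tcp 192.168.1.10 1024 192.168.50.5 445
```

The saved 8.2 configuration is the quickest way to recover the exact nonat ACL that was in use before the upgrade: compare every line of the old access-list with the section 1 rules in "show nat detail" and add a twice NAT identity statement for each pair that is missing, then rerun packet-tracer for a flow in each direction.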
