seregni-jerry
After using the Cisco PIX-to-ASA Migration Tool to configure a Cisco ASA-5520 to replace a PIX 515E, users can no longer connect to a CVPN 3005 concentrator: "Secure VPN Connection terminated by peer. Reason 427: Unknown Error Occurred at Peer."

I suspect the problem has to do with NAT transparency, but I am not sure how to modify the global policy-map. Can anyone refer me to a document that might provide the answer? Thank you.

The configuration of my ASA-5520 is as follows:

hostname ASA-5520-DIA
domain-name ciscopix.com
enable password --------------------- encrypted
passwd ------------------------ encrypted
names
dns-guard
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address <public ip>
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address <private ip>
!
interface GigabitEthernet0/2
nameif DMZ
security-level 50
ip address <dmz ip>
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
no nameif
no security-level
no ip address
!
boot system disk0:/asa821-k8.bin
ftp mode passive
clock timezone CDT -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name
access-list 102 extended permit tcp any host <public ip> eq www
access-list 102 extended permit tcp any host <public ip> eq smtp
access-list 102 extended permit esp any host <cvpn 3000 public ip>
access-list 102 extended permit udp any host <cvpn 3000 public ip> eq isakmp
access-list 102 extended permit udp any host <cvpn 3000 public ip> eq 4500
access-list 102 extended permit udp any host <cvpn 3000 public ip> eq 10000
access-list 105 extended deny ip any any log
pager lines 65
logging enable
logging timestamp
logging trap alerts
logging host inside
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
asdm history enable
arp timeout 14400
global (outside) 1 <public ip> netmask <mask>
nat (inside) 1 <inside ip> <inside mask>
nat (DMZ) 1 <dmz ip> <dmz mask>
static (DMZ,outside) <cvpn 3000 public ip> <cvpn 3000 dmz ip> netmask <mask>
access-group 102 in interface outside
route outside 0.0.0.0 0.0.0.0 __________
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http ------------------  inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps syslog
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet ----------------------  inside
telnet timeout 60
ssh -------------------  inside
ssh timeout 60
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server --------------- source outside prefer
webvpn
policy-map global_policy
service-policy global_policy global
prompt hostname context
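The post's outside ACL (102) is what a VPN 3000 client's traffic must pass before the static translation to the DMZ concentrator, so a quick way to see which client transports that ACL actually admits is to evaluate it first-match, the way the ASA does, against each transport the concentrator can be set to use (IKE on UDP/500, native ESP, NAT-T on UDP/4500, and the two NAT Transparency modes, IPsec over UDP and IPsec over TCP, both defaulting to port 10000 on the concentrator). The script below is an added example, not code from the original post or from Cisco; the sample ACL is a constructed copy of ACL 102 and 105 with the redacted placeholders replaced by RFC 5737 documentation addresses, and it assumes the concentrator's NAT Transparency ports were left at their defaults. It shows that the posted ACL permits everything except IPsec over TCP; whether that is related to the reported Reason 427 error depends on which mode the concentrator is configured for, which the post does not state.

```python
"""Audit an ASA 8.2-style extended ACL for the transports a Cisco VPN 3000
client may use toward a concentrator behind a static NAT.

Added example, not part of the original post. SAMPLE_ACL is a constructed
copy of the posted ACL with the redacted <public ip> and
<cvpn 3000 public ip> placeholders replaced by RFC 5737 documentation
addresses (an assumption; substitute the real mapped addresses).
"""

CONCENTRATOR_PUBLIC_IP = "203.0.113.10"   # assumed stand-in for <cvpn 3000 public ip>
WEB_MAIL_PUBLIC_IP = "203.0.113.5"        # assumed stand-in for <public ip>

SAMPLE_ACL = f"""
access-list 102 extended permit tcp any host {WEB_MAIL_PUBLIC_IP} eq www
access-list 102 extended permit tcp any host {WEB_MAIL_PUBLIC_IP} eq smtp
access-list 102 extended permit esp any host {CONCENTRATOR_PUBLIC_IP}
access-list 102 extended permit udp any host {CONCENTRATOR_PUBLIC_IP} eq isakmp
access-list 102 extended permit udp any host {CONCENTRATOR_PUBLIC_IP} eq 4500
access-list 102 extended permit udp any host {CONCENTRATOR_PUBLIC_IP} eq 10000
access-list 105 extended deny ip any any log
"""

# Transports the VPN 3000 concentrator can accept from the VPN Client.
# 10000 is the concentrator's default port for both IPsec over UDP and
# IPsec over TCP; assumed here to have been left at the default.
CLIENT_TRANSPORTS = {
    "IKE": ("udp", 500),
    "ESP": ("esp", None),
    "NAT-T": ("udp", 4500),
    "IPsec over UDP": ("udp", 10000),
    "IPsec over TCP": ("tcp", 10000),
}

# Keyword ports the ASA prints in place of numbers.
PORT_KEYWORDS = {"isakmp": 500, "www": 80, "http": 80, "https": 443, "smtp": 25, "domain": 53}


def _port(token):
    return PORT_KEYWORDS[token] if token in PORT_KEYWORDS else int(token)


def _address(tokens, i):
    """Consume one ASA address spec at tokens[i]: any | host X | NET MASK."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    return tokens[i] + "/" + tokens[i + 1], i + 2


def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny PROTO SRC [eq P] DST [eq P] [log]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] != "extended":
        return None
    ace = {"acl": t[1], "action": t[3], "proto": t[4], "dport": None}
    ace["src"], i = _address(t, 5)
    if i < len(t) and t[i] == "eq":          # optional source port
        i += 2
    ace["dst"], i = _address(t, i)
    if i < len(t) and t[i] == "eq":          # optional destination port
        ace["dport"] = _port(t[i + 1])
    return ace


def permits(aces, dst_ip, proto, port):
    """First-match evaluation like the ASA: action of the first ACE matching
    traffic from any source to dst_ip with this protocol and port."""
    for ace in aces:
        if ace["proto"] not in ("ip", proto):
            continue
        if ace["dst"] not in ("any", dst_ip):
            continue
        if ace["dport"] is not None and ace["dport"] != port:
            continue
        return ace["action"] == "permit"
    return False   # implicit deny at the end of every ASA ACL


def audit(acl_text, acl_name, concentrator_ip):
    """Map each VPN 3000 client transport to whether acl_name permits it inbound."""
    aces = [a for a in (parse_ace(ln) for ln in acl_text.splitlines())
            if a is not None and a["acl"] == acl_name]
    return {name: permits(aces, concentrator_ip, proto, port)
            for name, (proto, port) in CLIENT_TRANSPORTS.items()}


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_ACL, "102", CONCENTRATOR_PUBLIC_IP).items():
        print(f"{name:15s} {'permitted' if ok else 'NOT permitted'}")
```

Run it against the real `show running-config access-list` output with the actual mapped address of the concentrator; only the ACL bound by `access-group ... in interface outside` matters for the inbound path, which is why the audit filters on the ACL name. If the concentrator's NAT Transparency is set to IPsec over TCP, the missing `permit tcp ... eq <port>` rule is the first thing to correct before looking at the global policy-map.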
