I did an 8.2 -> 9.0 migration on ASA 5520s (and later 5525-x) last year. While there are upgrade paths which will convert the configuration, I had better results re-writing it from scratch. I did use a 8.2 -> 8.4 -> 9.0 automatic rewrite in a test lab to help inspire the from-scratch work.
The big changes are:
* NAT is completely different, and ACL's use the real, on-link (usually private) addresses not the mapped (usually public) NAT addresses. I converted all of my outbound subnet mappings and inbound host mappings to phase II object NAT. I had to be careful about having phase I double-NAT rules for IPsec and other internal rewrite uses which kicked in before the phase II stuff. I didn't need any phase III rules. I ended up with a lot less NAT0 style phase I rules than in the old style; I like the new way better.
* IPv6 support is completely different, with integrated ACL's for v4 and v6. So "any" is now dual-protocol, with new "any4" and "any6" keywords for the old-style single-protocol rules. Note that network object-groups can be dual-protocol, but network objects cannot.
* You can use IKEv2 IPsec negotations if you want.
-- Jim Leinweber, WI State Lab of Hygiene