it is using the same egress interface

packet-tracer input inside tcp x.x.x.x 12345 y.y.y.y 80 detail 

share output of packet-tracer if you can  

What does appear to be strange is that the tunnel will initialise from one side (remote) but not the local firewall (updated one) , I can see in debug that if I try from the local it gets an authentication failure

username:unknown IKEV2 Negotiation Aborted due to ERROR: Auth exchange failed

if I try from the remote side the tunnel comes up, I have checked the pre-shared keys and they are the same.

then only clear crypto isakmp and crypto ipsec and check again 

This made no difference

I have a call with TAC today

ASA# show asp table vpn-context detail

ASA# SHOW CRYPTO IPSEC SA PEER x.x.x.x

 do show both above command see if the SPI for this Peer is same or not, 

The inbound and the outbound SPI do match

#recv errors: xxxx

 do you see recv errors  when do 

show crypto ipsec sa 

The fault was found to be an incorrect route, on the older version of 9.14(1) this route was ignored, when the upgrade was done to 9.14(4)15 the incorrect route was used.

This was reproducible by dropping back to the old version it started passing traffic, when we applied the new version it failed, removed the route and traffic was being passed.

Yes as I mention in my first comment check the egress interface. 
I am so glad your issue solved.
great Job friend.