I recently updated the software on an ASA 5545 from 9.14(1) to 9.14(4)15. I have multiple VPN tunnels running.
After the upgrade, the tunnels come up but I am only seeing traffic in one direction. I have checked the config against the previous config and all appears to be correct.
What does appear to be strange is that the tunnel will initialise from one side (remote) but not from the local firewall (the updated one). I can see in debug that if I try from the local side it gets an authentication failure:
username:unknown IKEV2 Negotiation Aborted due to ERROR: Auth exchange failed
If I try from the remote side, the tunnel comes up. I have checked the pre-shared keys and they are the same.
The fault was found to be an incorrect route. On the older version, 9.14(1), this route was ignored; when the upgrade was done to 9.14(4)15, the incorrect route was used.
This was reproducible: when we dropped back to the old version it started passing traffic, when we applied the new version it failed, and when we removed the route traffic was being passed.