Further to this the RAP's appear to be stuck in the logon role?
10.119.1.113 00:00:00:00:00:00 logon 00:00:00 VPN N/A tunnel
10.119.1.101 00:00:00:00:00:00 logon 00:00:05 VPN N/A tunnel
10.119.1.100 00:00:00:00:00:00 logon 00:00:01 VPN N/A tunnel
10.119.1.99 00:00:00:00:00:00 logon 00:00:00 VPN N/A tunnel
10.119.1.98 00:00:00:00:00:00 logon 00:00:01 VPN N/A tunnel
10.119.1.97 00:00:00:00:00:00 logon 00:00:01 VPN N/A tunnel
Logon role is as per before the upgrade :
access-list List
----------------
Position Name Location
-------- ---- --------
1 logon-control
2 captiveportal
3 vpnlogon
4 v6-logon-control
5 captiveportal6
I can also see that they are passing Phase 2 just not on their respective Controllers
###############
Admin, please delete this customer has broken their Master-Local IPSEC connectivity :)
###############