Based on the logs you have IKE phase 1 issue.
I would re check the setup in case something got changed in the upgrade
Check the IAP mac is still in the whitelist
Check the VPN pool make sure it non routable ip range
Check default-vpn-role
show references user-role default-vpn-role
References to User Role "default-vpn-role"
------------------------------------------
aaa authentication vpn "default" default-role
aaa authentication vpn "default-iap" default-role
aaa authentication vpn "default-rap" default-role
Run the following commands, if you still have issue
- show datapath session table <ipaddress> | include 4500
- show crypto ipsec sa
-show user-table verbose
Make sure UDP/4500 is allowed