ASA 5520 to Juniper ss505m vpn

deloneymi
Level 1

I am having an issue with a site-to-site VPN between an ASA 5520 and a Juniper SS 505m. The tunnel comes up, but we seem to be unable to pass traffic over the VPN tunnel. It appears the remote side makes an FTP connection to the local server but is never prompted for login credentials.

 

Apr 19 2016 13:27:13 SQL-B2B-01 : %ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0xD167A5E8, sequence number= 0xD) from X.X.241.90 (user= X.X.241.90) to X.X.167.230.  The decapsulated inner packet doesn't match the negotiated policy in the SA.  The packet specifies its destination as X.X.167.233, its source as X.X.2.68, and its protocol as tcp.  The SA specifies its local proxy as X.X.167.233/255.255.255.255/tcp/5376 and its remote_proxy as X.X.2.68/255.255.255.255/tcp/5376.

access-list West extended permit ip object-group Local object-group Remote

nat (inside,outside) source static Local Local_Pub destination static Remote Remote

 

crypto ipsec ikev1 transform-set Remote esp-aes-256 esp-sha-hmac

 

crypto map West-Map 95 match address Remote
crypto map West-Map 95 set peer X.X.241.90
crypto map West-Map 95 set ikev1 transform-set Remote
crypto map West-Map 95 set security-association lifetime seconds 28800

 

Juniper:

 

"Remote-ftp" X.X.167.233 255.255.255.255

P1 proposal gateway preshare "SonoraQ@OT32" proposal "pre-g2-aes256-sha-28800"

p2-proposal "no-pfs-esp-aes256-sha-28800" no-pfs esp aes256 sha-1 second 28800

----------------------

set policy top from "Trust" to "Untrust"  "X.X.2.68/32" "Remote-ftp" "ftp" tunnel vpn "Remote-vpn" log

set policy top from "Untrust" to "Trust"  "Remote-ftp" "X.X.2.68/32" "ftp" tunnel vpn "SonoraQ-vpn" log
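As an added diagnostic example (not from the original post, and not Cisco or Juniper code), the following Python parses a %ASA-4-402116 message of the shape quoted above and reports which proxy-ID selector the decapsulated packet falls outside. The addresses in the sample line are constructed documentation-range placeholders, not the poster's real ones.

```python
import ipaddress
import re

# Constructed sample, modelled on the %ASA-4-402116 line in the post; the
# addresses are documentation-range placeholders, not the poster's real ones.
SAMPLE_LOG = (
    "%ASA-4-402116: IPSEC: Received an ESP packet (SPI= 0xD167A5E8, sequence "
    "number= 0xD) from 198.51.100.90 (user= 198.51.100.90) to 203.0.113.230.  The "
    "decapsulated inner packet doesn't match the negotiated policy in the SA.  The "
    "packet specifies its destination as 203.0.113.233, its source as 192.0.2.68, "
    "and its protocol as tcp.  The SA specifies its local proxy as "
    "203.0.113.233/255.255.255.255/tcp/5376 and its remote_proxy as "
    "192.0.2.68/255.255.255.255/tcp/5376."
)

PACKET_RE = re.compile(r"destination as (?P<dst>[\d.]+), its source as "
                       r"(?P<src>[\d.]+), and its protocol as (?P<proto>\w+)")
PROXY_RE = re.compile(r"local proxy as (?P<local>\S+) and its remote_proxy as "
                      r"(?P<remote>\S+)")

def parse_proxy(text):
    """Split an ASA proxy identity 'addr/mask/proto/port' into its parts."""
    addr, mask, proto, port = text.rstrip(".").split("/")
    return {"net": ipaddress.ip_network(f"{addr}/{mask}", strict=False),
            "proto": proto, "port": int(port)}

def explain_402116(line):
    """Return the reasons the inner packet fell outside the SA's proxy IDs
    (an empty list means the address and protocol selectors all match)."""
    pkt, prx = PACKET_RE.search(line), PROXY_RE.search(line)
    if not (pkt and prx):
        raise ValueError("not a parseable %ASA-4-402116 message")
    reasons = []
    # Packet destination must fall inside the local proxy, source inside the remote one.
    for side, addr in (("local", pkt["dst"]), ("remote", pkt["src"])):
        proxy = parse_proxy(prx[side])
        if ipaddress.ip_address(addr) not in proxy["net"]:
            reasons.append(f"{addr} is outside the {side} proxy {proxy['net']}")
        if proxy["proto"] not in ("ip", "any", "0", pkt["proto"]):
            reasons.append(f"{side} proxy protocol {proxy['proto']} "
                           f"does not cover packet protocol {pkt['proto']}")
        elif proxy["port"]:
            # The message does not log the packet's ports, so a proxy pinned to a
            # single port is reported as the likely cause rather than verified.
            reasons.append(f"{side} proxy is restricted to {proxy['proto']}/"
                           f"{proxy['port']}; a port-specific policy on one side "
                           "narrows the selector to a single flow")
    return reasons
```

Run against the quoted message it reports only the port-pinned proxies, which is the symptom of one peer defining the tunnel policy with a service (here "ftp") instead of plain IP.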

 

1 Accepted Solution

Philip D'Ath
VIP Alumni

I don't know Juniper, but it looks like it is trying to negotiate the use of just tcp/5376 on the tunnel, when it should be negotiating just the protocol "ip".


Good catch. They were defining traffic as FTP and not ip. There are additional issues, but for this portion you were correct.

 

Thanks