Hi Vikas,
Thanks for Your reply.
I had allowed the ping inbound before vpn config. And I was able to ping the remote end GW IP as well.
Yes, the remote end device is not Netscreen/Juniper, its Cisco FWSM. So since the traffic is passing through even though the state is A/D, should I consider it be a normal working scenario ?
I tried removing the Proxy IDs configured on my end, because in one of the event messages it said Proxy ID mismatch. However when I removed, the SA assocation went I/I. Hence added it back to make it A/D. But didn't see the error again. This resulted in new pair of SA assocations showing in the get sa. The previous ones were listed as expired.
I'm configuring with IKEv1 and I didn't found the option for PFS. (Software Version: 6.3.0r17b.0).
Please let me know.
Thanks & Regards.
ishaik