I understand that below is your client tunnel:
HEX ID Gateway Port Algorithm SPI Life:sec kb Sta PID vsys
0000801b< 223.197.162.232 500 esp:3des/sha1 d7754bae 3182 unlim A/D 19 0
0000801b> 223.197.162.232 500 esp:3des/sha1 8ba81672 3182 unlim A/D -1 0
As I requested earlier, I will need 'get sa id <id> output as well to see the proxy ID etc. In this case case the command to get the sa details would be 'get sa id 801b' .
Also, from debugs I see you are trying to ping 172.31.99.63 to 192.168.135.1 which migh be working. however, packets are not seen in the debug because the filters were not added. You need to have have bidirectional filters and no need to add filter for the tunnel end points. just have filters for the actual IPs : ex if you machine is getting IP x.x.x.x(IPSec client IP) and the destination you are trying to ping is y.y.y.y then two filters will be needed as below
set ffilter src-ip x.x.x.x dst-ip y.y.y.y
set ff src-ip y.y.y.y dst-ip x.x.x.x
Please collect the complete sa details and the debug logs with the appropriate filter for working and the non-working traffic. Also, please let me know what IPs you are pinging during the test.
Thanks,
Vikas