I changed the VPN from route-based to policy-based, and this is the configuration:
root@site-a-dahra-ly# show |display set |no-more
set version 12.3X48-D35.7
set system host-name site-a-dahra-ly
set system root-authentication encrypted-password "$1$1tBoYfRI$ZOtY2ggiMhZFmaZnDro301"
set system name-server 8.8.8.8
set system name-server 8.8.4.4
set system login class ssh idle-timeout 60
set system services ssh
set system services web-management https system-generated-certificate
set chassis alarm ethernet link-down ignore
set security ike proposal ike-proposal-site-a-DH authentication-method pre-shared-keys
set security ike proposal ike-proposal-site-a-DH dh-group group2
set security ike proposal ike-proposal-site-a-DH authentication-algorithm sha1
set security ike proposal ike-proposal-site-a-DH encryption-algorithm aes-256-cbc
set security ike proposal ike-proposal-site-a-DH lifetime-seconds 86400
set security ike policy ike-policy-site-a-DH mode main
set security ike policy ike-policy-site-a-DH proposals ike-proposal-site-a-DH
set security ike policy ike-policy-site-a-DH pre-shared-key ascii-text "$9$.fznCAuB1E9CS7ev8LNdb82gJjH.Qz6sYT3"
set security ike gateway ike-gate-site-a-DH ike-policy ike-policy-site-a-DH
set security ike gateway ike-gate-site-a-DH address x.x.x.x
set security ike gateway ike-gate-site-a-DH external-interface ge-0/0/0
set security ipsec proposal ipsec-proposal-site-a-DH protocol esp
set security ipsec proposal ipsec-proposal-site-a-DH authentication-algorithm hmac-sha1-96
set security ipsec proposal ipsec-proposal-site-a-DH encryption-algorithm aes-256-cbc
set security ipsec proposal ipsec-proposal-site-a-DH lifetime-seconds 3600
set security ipsec policy ipsec-policy-site-a-DH proposals ipsec-proposal-site-a-DH
set security ipsec vpn ipsec-vpn-site-a-DH ike gateway ike-gate-site-a-DH
set security ipsec vpn ipsec-vpn-site-a-DH ike ipsec-policy ipsec-policy-site-a-DH
set security ipsec vpn ipsec-vpn-site-a-DH establish-tunnels immediately
set security flow tcp-mss ipsec-vpn mss 1350
set security nat source rule-set trust-to-untrust from zone site-a-dahra
set security nat source rule-set trust-to-untrust to zone egy-mscc
set security nat source rule-set trust-to-untrust rule nonat match source-address a.30.30.0/24
set security nat source rule-set trust-to-untrust rule nonat match destination-address b.131.67.0/24
set security nat source rule-set trust-to-untrust rule nonat then source-nat off
set security policies from-zone site-a-dahra to-zone egy-mscc policy vpnpolicy-site-a-dahra-egy-mscc match source-address site-a-DH-a-30-30
set security policies from-zone site-a-dahra to-zone egy-mscc policy vpnpolicy-site-a-dahra-egy-mscc match destination-address egy-mscc-b-131-67
set security policies from-zone site-a-dahra to-zone egy-mscc policy vpnpolicy-site-a-dahra-egy-mscc match application any
set security policies from-zone site-a-dahra to-zone egy-mscc policy vpnpolicy-site-a-dahra-egy-mscc then permit tunnel ipsec-vpn ipsec-vpn-site-a-DH
set security policies from-zone egy-mscc to-zone site-a-dahra policy vpnpolicy-egy-mscc-site-a-dahra match source-address egy-mscc-b-131-67
set security policies from-zone egy-mscc to-zone site-a-dahra policy vpnpolicy-egy-mscc-site-a-dahra match destination-address site-a-DH-a-30-30
set security policies from-zone egy-mscc to-zone site-a-dahra policy vpnpolicy-egy-mscc-site-a-dahra match application any
set security policies from-zone egy-mscc to-zone site-a-dahra policy vpnpolicy-egy-mscc-site-a-dahra then permit tunnel ipsec-vpn ipsec-vpn-site-a-DH
set security zones security-zone site-a-dahra address-book address site-a-DH-a-30-30 a.30.30.0/24
set security zones security-zone site-a-dahra host-inbound-traffic system-services all
set security zones security-zone site-a-dahra host-inbound-traffic protocols all
set security zones security-zone site-a-dahra interfaces ge-0/0/1.0
set security zones security-zone site-a-dahra interfaces lo0.0
set security zones security-zone egy-mscc address-book address egy-mscc-b-131-67 b.131.67.0/24
set security zones security-zone egy-mscc host-inbound-traffic system-services ike
set security zones security-zone egy-mscc host-inbound-traffic system-services ping
set security zones security-zone egy-mscc interfaces ge-0/0/0.0
set interfaces ge-0/0/0 unit 0 family inet address x.x.x.38/29
set interfaces ge-0/0/1 unit 0 family inet address a.30.30.1/24
set interfaces ge-0/0/15 unit 0 family inet address 192.168.4.1/24
set interfaces lo0 unit 0 family inet address a.30.30.2/24
set routing-options static route 0.0.0.0/0 next-hop x.x.x.33
and it gives me this warning:
ID: 2 Virtual-system: root, VPN Name: ipsec-vpn-NCB-DH
Local Gateway: x.x.x.38, Remote Gateway: x.x.x.2
Local Identity: ipv4_subnet(any:0,[0..7]=a.30.30.0/24)
Remote Identity: ipv4_subnet(any:0,[0..7]=b.131.67.0/24)
Version: IKEv1
DF-bit: clear , Policy-name: vpnpolicy-egy-mscc-ncb-dahra
Port: 500, Nego#: 0, Fail#: 0, Def-Del#: 0 Flag: 0x600829
Tunnel events:
  Tue Feb 07 2017: IKE SA negotiation successfully completed (3 times)
  Tue Feb 07 2017: Tunnel is ready. Waiting for trigger event or peer to trigger negotiation (1 times)
  Tue Feb 07 2017: External interface's address received. Information updated (1 times)
  Tue Feb 07 2017: External interface's zone received. Information updated (1 times)