You should enable ike trace and also check on the asa what are the error messages related to this vpn tunnel. can you post the output of "show security ike security-associations" and "show security ipsec security-associations" when tunnel is established and when tunnel doesn't come up ? can you also post your asa vpn config and srx vpn config ?

This is because Cisco ASAs are less tolerant of mismatched proxy IDs than Juniper boxes are.

 

Juniper boxes will accept a proxy ID that is a match, or a superset of a match.  Cisco boxes will only accept an exact match.

 

So, if you have a proxy ID on your Juniper side of 192.168.1.0/24 and the Cisco side is 192.168.1.5/32, then if the Cisco side initiates that tunnel your Juniper will accept that and build the SA. If the Juniper tries to initiate, the Cisco will deny it because it's not an exact match.

 

You need to make sure your proxy IDs are carefully set on both ends. Cisco devices build their proxy IDs using their ACL entires, so, for policy-based VPN on your Juniper, that means building a separate policy (or pair of policies, for bi-directional VPNs) to exactly match each line of the ACL entries on the ASA side.