ESP traffic should have a reverse direction. If it does not, how does communication work between the two ends over ESP? It is strange!!
It should, yes, but this unidirectional flow is likely pre-programmed in anticipation of ESP packets getting in, but then ESP packets never actually hit this box, hence the pkt count is 0. I would imagine a scenario where this flow could be programmed when IKE Phase 2 starts - specifically, when this box is the responder and receives a packet with the remote initiator's SA - but Ph 2 never actually completes, hence this flow stays unidirectional for a while.
Please enable IKE debug for peer 126.96.36.199 to get more information and then examine the logs to find why Ph2 does not complete; it could be a proposal mismatch or something.
Yes, I know it is strange, but this is the way that it is always displayed in Junos, and it doesn't have anything to do with problems on the tunnel. If you check a stable VPN that is passing traffic normally, you will still see this session in the same way. I believe it is there for some internal purposes.
If you want to check traffic/sessions going over the tunnel, you have to use a regular "show security flow session source-prefix [address] destination-prefix [address]" command. Also, if you want to check whether packets are getting encrypted/decrypted, you can use "show security ipsec statistics index [tunnel_index]".
Pura Vida from Costa Rica - Mark as Resolved if it applies. Kudos are appreciated too!