From what I can recall, this message sometimes indicates that there's a mismatch between the source/destination of the packets you are trying to send over the tunnel and the Local/Remote values entered in to the VPN definition.
Have you tried sending traffic to the other side of the VPN directly from the Firewall CLI?
Try running "showaudit -kv" before testing the tunnel. This should give you VPN specific audit messages which may reveal something else. It could be that there is something else which is stopping the security association from establishing and the errors you are seeing in "acat -ak" are then related to subsequent packets trying to pass through after the security association has already failed.