Hi Hitesh,
In my case i used: X509 Authentication and Signature.
Are you passing auth/message/user and auth/message/pass (If needed) and keystoreAlias parameters (If needed) in the IS request to ws?
You should check if webService response header or body is encypted. In this case, you must apply the policy to the reponse to.
When I was testing this issue i compare request that you use with soapUI with the request that IS generate. In soapUI you can see real request with headers in the RAW View.
In IS you should configure a Proxy or similar to see the complete Request that you are sending to the WebService.
Once you have two Request (soapUI and IS) you can compare them and see the differences.
Regards,
Diego