Hi all,
I have an issue / question that I was hoping the community could assist with. I have logged it with JTAC already and they are saying "hmmm it should work, we need to investigate further" but I thought it should be quite simple?
I have a device (10.0.1.67) that can't/won't route traffic correctly. It can communicate with devices on its own /24 but nothing else. So to try and work around this (I need to print to it via port 9100 on the WAN) I thought I could set up a static NAT to NAT to it from the SRX 210HE that lives on the same subnet, as per below:

arbadmin@Seattle-SRX# run show configuration security nat static
rule-set trust {
    from zone trust;
    rule usa-invoice-priter {
        match {
            destination-address 10.0.1.1/32;
            destination-port 9100;
        }
        then {
            static-nat {
                prefix {
                    10.0.1.67/32;
                    mapped-port 9100;
                }
            }
        }
    }
}
which to my view says that any traffic that hits 10.0.1.1:9100 will have its source IP changed to 10.0.1.1 and then sent on to 10.0.1.67. When 10.0.1.67 responds the flow will be recognised, the return traffic will have its destination changed once 10.0.1.67 replies to 10.0.1.1 and then forwarded on, thus completing the loop and comms are possible. Machines on the WAN are none the wiser that, although they think they are talking to 10.0.1.1:9100, they are ACTUALLY talking to 10.0.1.67:9100 instead.

Well, when I test this, the flow from say 192.168.0.215 through to 10.0.1.1:9100 shows that it's being NAT'd to 10.0.1.67, but the return traffic is showing as if it's going straight to 192.168.0.215 and thus doesn't work, as shown by this flow:

admin@SSRX# run show security flow session destination-port 9100
Session ID: 16074, Policy name: allow-all-intra-zone/7, Timeout: 14, Valid
  In: 192.168.0.215/9545 --> 10.0.1.1/9100;tcp, If: fe-0/0/3.0, Pkts: 2, Bytes: 104
  Out: 10.0.1.67/9100 --> 192.168.0.215/9545;tcp, If: vlan.4, Pkts: 0, Bytes: 0
Total sessions: 1
Could someone please assist me with 1) explaining why the returning traffic is not NATting the same way and 2) how to make it do so, as I need the returning traffic to come from 10.0.1.1. From the NAT documents that I have read, I thought this was the case.
Cheers,
Aaron
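As an added check (my own code, not from Aaron's post or from Juniper), here is a small parser for the `show security flow session` output quoted above: it pairs each session's In wing with its Out wing to show which addresses the SRX rewrote and whether any reply packets were counted. The sample input is constructed from the single session in the post, and the field names (`dst_nat`, `src_nat`, `reply_seen`) are my own.

```python
import re

# Constructed sample: the session the post shows, re-flowed one wing per line
# as "show security flow session" prints it on an SRX.
SAMPLE_OUTPUT = """\
Session ID: 16074, Policy name: allow-all-intra-zone/7, Timeout: 14, Valid
  In: 192.168.0.215/9545 --> 10.0.1.1/9100;tcp, If: fe-0/0/3.0, Pkts: 2, Bytes: 104
  Out: 10.0.1.67/9100 --> 192.168.0.215/9545;tcp, If: vlan.4, Pkts: 0, Bytes: 0
Total sessions: 1
"""

SESSION_RE = re.compile(r"Session ID:\s*(?P<sid>\d+),\s*Policy name:\s*(?P<policy>\S+),")
WING_RE = re.compile(
    r"(?P<dir>In|Out):\s*(?P<src>[\d.]+)/(?P<sport>\d+)\s*-->\s*"
    r"(?P<dst>[\d.]+)/(?P<dport>\d+);(?P<proto>\w+),\s*If:\s*(?P<ifn>\S+),"
    r"\s*Pkts:\s*(?P<pkts>\d+),\s*Bytes:\s*(?P<bytes>\d+)"
)


def parse_sessions(text: str) -> list:
    """Parse 'show security flow session' output into a list of dicts,
    each with 'sid', 'policy' and a 'wings' dict keyed "In"/"Out"."""
    sessions = []
    for line in text.splitlines():
        if m := SESSION_RE.search(line):
            sessions.append({"sid": int(m["sid"]), "policy": m["policy"], "wings": {}})
        elif (m := WING_RE.search(line)) and sessions:
            w = m.groupdict()
            for k in ("sport", "dport", "pkts", "bytes"):
                w[k] = int(w[k])
            sessions[-1]["wings"][w.pop("dir")] = w
    return sessions


def nat_check(session: dict) -> dict:
    """Compare the In wing (the packet as received) with the Out wing (the
    reply direction, so src/dst are swapped) to see what the SRX rewrote.
    A static-NAT hit shows as In.dst != Out.src; a source-NAT hit would show
    as In.src != Out.dst; Out.pkts == 0 means no reply has come back yet."""
    i, o = session["wings"]["In"], session["wings"]["Out"]
    return {
        "dst_nat": i["dst"] != o["src"],
        "src_nat": i["src"] != o["dst"],
        "reply_seen": o["pkts"] > 0,
    }


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_OUTPUT):
        print(s["sid"], s["policy"], nat_check(s))
```

On the session from the post this reports destination NAT applied, no source NAT, and zero reply packets, which is exactly what the Out wing's unchanged 192.168.0.215 and "Pkts: 0" show.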