srx240, 650 dnat issue

Hi Juniper,

I'm having a weird issue on some sites, but on a few it does work. We have 2 ISPs in each site; one has the default route, the other has the default route as a backup with preference 25. We have to DNAT one IP from each public ISP to a local VPN server. The idea is to connect to either of those ISP lines and still be DNATted. The trick is that DNATted traffic actually works only on the ISP the route is pointing to. Here is an example config:


set security nat destination pool dst_nat_vpn_pool address 10.10.10.10/32
set security nat destination pool dst_nat_vpn_pool address port 443

set security nat destination rule-set dst_nat_vpn from zone EXT
set security nat destination rule-set dst_nat_vpn rule r1 match destination-address 1.1.1.5/32
set security nat destination rule-set dst_nat_vpn rule r1 match destination-port 443
set security nat destination rule-set dst_nat_vpn rule r1 match protocol tcp
set security nat destination rule-set dst_nat_vpn rule r1 then destination-nat pool dst_nat_vpn_pool

set security nat destination rule-set dst_nat_vpn rule r2 match destination-address 2.2.2.5/32
set security nat destination rule-set dst_nat_vpn rule r2 match destination-port 443
set security nat destination rule-set dst_nat_vpn rule r2 match protocol tcp
set security nat destination rule-set dst_nat_vpn rule r2 then destination-nat pool dst_nat_vpn_pool

set security nat proxy-arp interface reth0.0 address 1.1.1.5/32
set security nat proxy-arp interface reth1.0 address 2.2.2.5/32

set routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
set routing-options static route 0.0.0.0/0 qualified-next-hop 2.2.2.1 preference 25

set interfaces reth0 unit 0 description isp1
set interfaces reth0 unit 0 family inet address 1.1.1.2/24
set interfaces reth1 unit 0 description isp2
set interfaces reth1 unit 0 family inet address 2.2.2.2/24


Policies are excluded as they are fine. When I connect to 1.1.1.5, where the default route is, DNAT works and I have a connection, but when I connect to 2.2.2.5, the DNAT session does show up and the server receives the request, but the reply is never routed back correctly (the server sends it out, but it gets lost on the SRX). If I add a /32 route for my test connection to the 2nd ISP (2.2.2.1), then the connection works.


I have the same setup in a few other places where this works and I cannot figure out what mechanism is not letting it happen here.
Thank you for advice,
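As an added illustration (not part of the post and not Junos code), here is a small Python model of the route selection the post describes: longest prefix match first, then lowest preference, with the qualified-next-hop at preference 25 only winning once the preference-5 next hop is gone. The client address 203.0.113.7 and the next-hop-to-interface mapping are assumptions derived from the posted interface addresses.

```python
import ipaddress

# Next hop -> egress interface, assumed from the post's addressing
# (1.1.1.2/24 on reth0.0, 2.2.2.2/24 on reth1.0).
NEXT_HOP_IFACE = {"1.1.1.1": "reth0.0", "2.2.2.1": "reth1.0"}

# (prefix, next hop, preference). A plain Junos static route has
# preference 5; the qualified-next-hop carries its own preference 25.
BASE_ROUTES = [
    ("0.0.0.0/0", "1.1.1.1", 5),
    ("0.0.0.0/0", "2.2.2.1", 25),
]


def select_route(routes, dst, down_next_hops=()):
    """Return the next hop for dst: longest prefix wins, then the lowest
    preference. down_next_hops models an ISP outage (that next hop is
    unusable, so the backup at preference 25 becomes active)."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, nh, pref in routes:
        net = ipaddress.ip_network(prefix)
        if nh in down_next_hops or ip not in net:
            continue
        key = (net.prefixlen, -pref)  # larger tuple is the better route
        if best is None or key > best[0]:
            best = (key, nh)
    return best[1] if best else None


def reply_egress(routes, client_ip, down_next_hops=()):
    """Interface the VPN server's reply leaves on. The reverse direction is
    decided by a route lookup on the client address, not by the interface
    the client's request arrived on, so with only the two default routes
    every reply leaves via ISP1 while 1.1.1.1 is usable."""
    nh = select_route(routes, client_ip, down_next_hops)
    return NEXT_HOP_IFACE.get(nh)


if __name__ == "__main__":
    client = "203.0.113.7"  # constructed test client address
    print("reply via", reply_egress(BASE_ROUTES, client))
    # The /32 the post mentions: longest prefix match overrides the default.
    fixed = BASE_ROUTES + [(client + "/32", "2.2.2.1", 5)]
    print("with /32 fix", reply_egress(fixed, client))
```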