Local to public ip mapping in srx300

I have openvpn in my lan and want to route that machine with public, i have tried static / destination nat. I am able to connect my internal lan via openvpn with public ip but i can't do ssh to any machine in lan,  i can only ping to internal lan from outside
 
My static Nat

root@rt #show security nat static

rule-set rs1 {
    from zone Internet;
    rule r1 {
        match {
            destination-address 10.2.3.4/32;
        }
        then {
            static-nat {
                prefix {
                    192.168.50.21/32;
                }
            }
        }
    }
}

[edit]

root@rx# show security nat proxy-arp

interface ge-0/0/0.0 {
    address {
        10.2.3.4/32;
    }
}

[edit]

root@srx# show security policies from-zone Internet to-zone Internal

policy All_Internal_Internet {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}
policy permit-all {
    match {
        source-address ov-server;
        destination-address any;
        application any;
    }
    then {
        permit;
    }
}
root@srx# show security policies from-zone Internet to-zone Internal
policy ov-access {
    match {
        source-address any;
        destination-address ov-server;
        application any;
    }
    then {
        permit;
    }
}

[edit]