juniper ssg nat advice

Anyway: My advise as experienced user and instructor on ScreenOS: Allways put every interface in route-mode and do the natting in the policy. It's so much more clear what's going on with natting that way!
because interface base nat only valid for traffic from trust to untrust where interface in trust zone you set in nat mode