Hi Mahesh,
The NAT policy seems to be fine. Let me give you more inside to it
Ex:
Client_ 192.168.1.2/24 --------- [ 192.168.1.1/24; Zone: Turst ---SRX-----Zone: Untrust; 200.200.200.2]---------Internet
To get client ip subnet natted below configuration should do
set security nat source rule-set xxx from zone trust
set security nat source rule-set xxx to zone untrust
set security nat source rule-set xxx rule xxx match source-address 192.168.1.1/24
set security nat source rule-set xxx rule xxx match destination-address 0.0.0.0/0
set security nat source rule-set xxx rule xxx match protocol icmp
set security nat source rule-set xxx rule xxx then source-nat interface
To allow ICMP flow following policy needed
set security zones security-zone trust address-book address client_192.168.1.1 192.168.1.1/24
set security policies from-zone trust to-zone untrust policy icmp_allow match source-address client_192.168.1.1
set security policies from-zone trust to-zone untrust policy icmp_allow match destination-address any
set security policies from-zone trust to-zone untrust policy icmp_allow match application junos-icmp-all
set security policies from-zone trust to-zone untrust policy icmp_allow then permit
I hope this helps you.
Thanks
SHKM