See the sample setup for vip in kb26891
http://kb.juniper.net/InfoCenter/index?page=content&id=KB26891
When you are doing a translation of one port to another, you write the policy to use the original port:
f the destination port has to be translated for the incoming traffic as well, then the service under the VIP will have to be configured accordingly and the VIP policy will have to consist of both the Virtual port and the Service (port) under the Service options. For example:
set interface ethernet0/1 vip 1.1.1.1 80 "HTTPS" 172.16.0.1
Here, the destination field for the incoming HTTP traffic for 1.1.1.1 will translate to 172.16.0.1 along with the destination port translating to 443 and head across to the internal network.
For this to work, you have to create a policy that includes both the virtual service and the required service:
set policy id 1 from "Untrust" to "Trust" "Any" "VIP(1.1.1.1)" "HTTP" permit log
set policy id 1
set service "HTTPS"
exit