I am facing the following issue when I was setting up ipv6 NAT64 , VPN does not work when the below rule is enabled , I removed the below Static Nat statement and VPN started working again , here is the command I removed from the SRX
set security nat static rule-set nat64-static from zone TRUST
set security nat static rule-set nat64-static rule ipv6-clients match destination-address 64:ff9b::/96
set security nat static rule-set nat64-static rule ipv6-clients then static-nat inet
Now question is why did the VPN stop when I issued the above command , secondly I am not able to configure source-address in the static Nat, I see that this is possible in VSRX and in SRX240H, We have two SRX240H2 in cluster the version is as below , refer to the url below a source-address is required for smooth working .
So My questions are
1) why did the above Static NAT configuration stop VPN
2) Why is the SRX static NAT not allowing source address - I believe if source address is added it should solve the issue.