
BGP Nat Problem


Hi.

I have a problem: NAT does not work properly. I'm trying to set up EBGP in a virtual router and use it for internet connections via my PI address, but when I try to reach the internet using NAT I can't reach anything. But from the routing instance I can ping everything, and BGP is working fine....

Juniper Model: SRX240H2
Software Version: 12.3X48-D35.7

Can someone please tell me what I am doing wrong?


Thanks!

Here is my configuration:

set security nat source pool PI-Inet-Address routing-instance vrflite
set security nat source pool PI-Inet-Address address 1.1.1.2/32
set security nat source pool PI-Inet-Address port no-translation
set security nat source pool PI-Inet-Address address-shared
set security nat source rule-set lan-to-ISP-BGP from zone lan
set security nat source rule-set lan-to-ISP-BGP to zone ISP-BGP
set security nat source rule-set lan-to-ISP-BGP rule bgp-source-nat-rule match source-address 10.27.64.14/32
set security nat source rule-set lan-to-ISP-BGP rule bgp-source-nat-rule match destination-address 0.0.0.0/0
set security nat source rule-set lan-to-ISP-BGP rule bgp-source-nat-rule then source-nat pool PI-Inet-Address
set security policies from-zone ISP-BGP to-zone ISP-BGP policy isp-to-isp match source-address any
set security policies from-zone ISP-BGP to-zone ISP-BGP policy isp-to-isp match destination-address any
set security policies from-zone ISP-BGP to-zone ISP-BGP policy isp-to-isp match application any
set security policies from-zone ISP-BGP to-zone ISP-BGP policy isp-to-isp then permit
set security policies from-zone ISP-BGP to-zone lan policy ISP-to-lan match source-address any
set security policies from-zone ISP-BGP to-zone lan policy ISP-to-lan match destination-address any
set security policies from-zone ISP-BGP to-zone lan policy ISP-to-lan match application any
set security policies from-zone ISP-BGP to-zone lan policy ISP-to-lan then permit
set security policies from-zone lan to-zone ISP-BGP policy lan-to-ISP match source-address any
set security policies from-zone lan to-zone ISP-BGP policy lan-to-ISP match destination-address any
set security policies from-zone lan to-zone ISP-BGP policy lan-to-ISP match application any
set security policies from-zone lan to-zone ISP-BGP policy lan-to-ISP then permit
set security policies from-zone lan to-zone lan policy lan-to-lan match source-address any
set security policies from-zone lan to-zone lan policy lan-to-lan match destination-address any
set security policies from-zone lan to-zone lan policy lan-to-lan match application any
set security policies from-zone lan to-zone lan policy lan-to-lan then permit
set security zones security-zone lan host-inbound-traffic system-services all
set security zones security-zone lan host-inbound-traffic protocols all
set security zones security-zone lan interfaces reth1.0
set security zones security-zone ISP-BGP host-inbound-traffic system-services ping
set security zones security-zone ISP-BGP host-inbound-traffic system-services ssh
set security zones security-zone ISP-BGP host-inbound-traffic system-services ike
set security zones security-zone ISP-BGP interfaces reth3.0 host-inbound-traffic system-services ping
set security zones security-zone ISP-BGP interfaces reth3.0 host-inbound-traffic system-services rpm
set security zones security-zone ISP-BGP interfaces lo0.0 host-inbound-traffic system-services ping
set security zones security-zone ISP-BGP interfaces lo0.0 host-inbound-traffic system-services rpm

set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet filter input-list GoToISP
set interfaces reth1 unit 0 family inet address 10.0.1.2/30
set interfaces reth3 redundant-ether-options redundancy-group 3
set interfaces reth3 unit 0 family inet address 1.1.1.2/30
set interfaces lo0 unit 0 family inet address 2.2.2.1/26

set routing-options interface-routes rib-group inet Global
set routing-options static rib-group Secondary
set routing-options rib-groups Global import-rib inet.0
set routing-options rib-groups Global import-rib vrflite.inet.0
set routing-options rib-groups Secondary import-rib inet.0
set routing-options rib-groups Secondary import-rib vrflite.inet.0
set routing-options rib-groups Secondary import-policy static-input

set policy-options policy-statement static-input term filter-default-routes from route-filter 0.0.0.0/0 exact
set policy-options policy-statement static-input term filter-default-routes then reject
set policy-options policy-statement static-input term filter-static-bgp-routes from route-filter 1.1.1.0/26 exact
set policy-options policy-statement static-input term filter-static-bgp-routes then reject
set policy-options policy-statement static-input then accept
set policy-options policy-statement EBGP-input term allowall then accept
set policy-options policy-statement EBGP-output term out-networks from route-filter 1.1.1.0/24 exact
set policy-options policy-statement EBGP-output term out-networks then accept
set policy-options policy-statement EBGP-output then reject

set firewall family inet filter GoToISP term 3 from source-address 10.27.64.14/32
set firewall family inet filter GoToISP term 3 from destination-address 0.0.0.0/0
set firewall family inet filter GoToISP term 3 from destination-address 172.16.0.0/12 except
set firewall family inet filter GoToISP term 3 from destination-address 192.168.0.0/16 except
set firewall family inet filter GoToISP term 3 from destination-address 10.0.0.0/8 except
set firewall family inet filter GoToISP term 3 then log
set firewall family inet filter GoToISP term 3 then routing-instance vrflite

set routing-instances vrflite instance-type virtual-router
set routing-instances vrflite interface lo0.0
set routing-instances vrflite interface reth3.0
set routing-instances vrflite routing-options interface-routes rib-group inet Global
set routing-instances vrflite routing-options static route 10.27.64.0/24 next-table inet.0
set routing-instances vrflite routing-options router-id 1.1.1.2
set routing-instances vrflite protocols bgp local-as 22222
set routing-instances vrflite protocols bgp group EBGP type external
set routing-instances vrflite protocols bgp group EBGP multipath
set routing-instances vrflite protocols bgp group EBGP neighbor 1.1.1.1 import EBGP-input
set routing-instances vrflite protocols bgp group EBGP neighbor 1.1.1.1 export EBGP-output
set routing-instances vrflite protocols bgp group EBGP neighbor 1.1.1.1 peer-as 11111
set routing-instances vrflite protocols bgp group EBGP neighbor 1.1.1.1 local-as 22222

Also, here is an example of a flow session:
  Session ID: 3253, Policy name: lan-to-ISP/26, State: Active, Timeout: 10, Valid
  In: 10.27.64.14/2927 --> 8.8.8.8/4806;icmp, If: reth1.0, Pkts: 1, Bytes: 84
  Out: 8.8.8.8/4806 --> 1.1.1.2/2927;icmp, If: reth3.0, Pkts: 0, Bytes: 0
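
The flow session above is the key evidence: the In wing counted the original packet and shows the source NAT translation (10.27.64.14 becomes 1.1.1.2 on the Out wing), but the Out wing counted zero packets, so the reply never made it back to the SRX. The following Python script is an added example, not part of the original post or any Juniper tool; it parses `show security flow session` text in the format quoted above (the second session in the sample is constructed for contrast) and flags sessions whose return path is silent, which is the quickest way to separate a NAT/policy problem from a missing return route.

```python
import re
from dataclasses import dataclass

# Constructed sample: the session quoted in the post plus a made-up healthy one.
SAMPLE_OUTPUT = """\
Session ID: 3253, Policy name: lan-to-ISP/26, State: Active, Timeout: 10, Valid
  In: 10.27.64.14/2927 --> 8.8.8.8/4806;icmp, If: reth1.0, Pkts: 1, Bytes: 84
  Out: 8.8.8.8/4806 --> 1.1.1.2/2927;icmp, If: reth3.0, Pkts: 0, Bytes: 0
Session ID: 3254, Policy name: lan-to-ISP/26, State: Active, Timeout: 1800, Valid
  In: 10.27.64.20/51000 --> 8.8.8.8/53;udp, If: reth1.0, Pkts: 2, Bytes: 160
  Out: 8.8.8.8/53 --> 1.1.1.2/51000;udp, If: reth3.0, Pkts: 2, Bytes: 400
"""

SESSION_RE = re.compile(r"^\s*Session ID: (?P<sid>\d+), Policy name: (?P<policy>\S+),")
WING_RE = re.compile(
    r"^\s*(In|Out): (?P<src>[\d.]+)/(?P<sport>\d+) --> (?P<dst>[\d.]+)/(?P<dport>\d+);"
    r"(?P<proto>\w+), If: (?P<ifl>\S+), Pkts: (?P<pkts>\d+), Bytes: (?P<bytes>\d+)")

@dataclass
class Session:
    sid: int
    policy: str
    wings: dict  # "In" / "Out" -> parsed fields of that wing

def parse_sessions(text):
    """Parse the two-wing session listing into Session objects."""
    sessions, cur = [], None
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if m:
            cur = Session(int(m["sid"]), m["policy"], {})
            sessions.append(cur)
            continue
        m = WING_RE.match(line)
        if m and cur is not None:
            fields = {k: (int(v) if v.isdigit() else v) for k, v in m.groupdict().items()}
            cur.wings[m.group(1)] = fields
    return sessions

def translated_source(s):
    """Source NAT address as the peer sees it (Out wing destination), or None if untranslated."""
    out_dst = s.wings["Out"]["dst"]
    return out_dst if out_dst != s.wings["In"]["src"] else None

def no_return_traffic(sessions):
    """IDs of sessions that sent packets out but never counted a reply on the Out wing."""
    return [s.sid for s in sessions
            if s.wings["In"]["pkts"] > 0 and s.wings["Out"]["pkts"] == 0]
```

A session listed here with a translated source but zero Out packets means the translation and policy lookup succeeded on the SRX; the next thing to check is whether the upstream actually has a route back to the NAT address, and on which routing instance the reply would arrive.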

