Re: Is is have traffic impact?

may i know if i add command "set security nat source address-persistent"  in the life traffic nat is it will impact the current traffic?

The documentation does not say this interupts sessions and since the feature just adds a timer AFTER the session closes to keep the association of NAT the same, I would assume there is no affect.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB20711

One more thing what actually purpose of nat source address-persistent?

Typically this is used with VOIP applications that have issues with NAT changing addresses in a pool too often.

https://www.juniper.net/techpubs/en_US/junos/topics/concept/nat-security-source-session-traversal-utilities-for-nat-protocol-understanding.html

I have the issue before traffic swing to SRX (previously using another firewall) the IPSEC from customer can establish. But after it swing to SRX the IKE Phase 1 cannot establish..

https://kb.juniper.net/InfoCenter/index?page=content&id=KB22178&actp=search

I am not sure I follow the issue.  But I think you are saying an IPSEC connection crosses the SRX and terminates behind the SRX to another device.  The KB covers this case:

1. Device with VPN is behind SRX
2. SRX is doing NAT on the interface address of this device
3. The device behind the SRX CANNOT be programed with NAT-T

Are these three conditions correct for your device?