
Juniper防火墙做mip一对一映射的问题

发表于 2015-2-12 08:40:30
有哪位好心的大神可以帮小弟解答个技术问题啊?小弟没有接触过防火墙,配置都是看文档来的,下面有我配置后保存的配置文档,请大神解答下哈
近期配置Juniper防火墙,型号是ssg550m的,外网地址是10.66.176.242(A),内网服务器发布的系统地址是10.1.0.5(B)。
A这个地址是可以上外网的,B这个地址只在内部局域网里。现在想要的效果是外部的人可以通过A这个地址访问到B,但我用mip做了地址映射之后,内外网之间根本就ping不通。

unset key protection enable
set clock timezone 0
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "admin_dt"
set admin password "nK9qIsrHB7qKc1YAgsPE5wGtcwHJ0n"
set admin http redirect
set admin auth web timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
unset zone "V1-Trust" tcp-rst
unset zone "V1-Untrust" tcp-rst
set zone "DMZ" tcp-rst
unset zone "V1-DMZ" tcp-rst
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
set interface "tunnel.3" zone "Untrust"
set interface "tunnel.4" zone "Untrust"
set interface ethernet0/0 ip 10.1.0.7/24
set interface ethernet0/0 nat
unset interface vlan1 ip
set interface ethernet0/2 ip 10.66.176.242/24
set interface ethernet0/2 route
set interface tunnel.1 ip 10.66.177.0/24
set interface tunnel.2 ip 10.97.4.0/24
set interface tunnel.3 ip 10.66.170.0/24
set interface tunnel.4 ip 10.81.4.0/24
set interface ethernet0/2 gateway 10.66.176.2
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface ethernet0/2 ip manageable
set interface vlan1 manage mtrace
set interface "ethernet0/2" mip 10.66.176.242 host 10.1.0.5 netmask 255.255.255.255 vr "trust-vr"
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set address "Trust" "10.1.0.5/24" 10.1.0.5 255.255.255.0
set crypto-policy
exit
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
unset interface tunnel.1 acvpn-dynamic-routing
unset interface tunnel.2 acvpn-dynamic-routing
unset interface tunnel.3 acvpn-dynamic-routing
unset interface tunnel.4 acvpn-dynamic-routing
set url protocol websense
exit
set policy id 1 name "ranliao" from "Untrust" to "Trust"  "MIP(10.66.176.242)" "10.1.0.5/24" "HTTP" permit log
set policy id 1 application "HTTP"
set policy id 1
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set telnet client enable
set snmp port listen 161
set snmp port trap 162
set snmpv3 local-engine id "JN1239C99ADB"
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit