Hi,
Please share your knowledge of how I can configure a "hairpin" on a Juniper SRX for access to a server which has a static NAT rule. Suppose that I have the local subnet 10.213.0.0/24, an SNAT rule for the whole local subnet to 1.1.1.1/32, and a static NAT rule for the local IP 10.213.0.10/32 to 2.2.2.2/32; I also configured the "hairpin" as shown in this link:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB24639&actp=search
So, when I try to establish a TCP session from IP 10.213.0.20 to IP 2.2.2.2 (10.213.0.10), on the destination server (10.213.0.10) I see the TCP SYN from IP 10.213.0.20, and the SYN-ACK is sent directly to IP 10.213.0.20, so the TCP session cannot be established. I do not quite understand why on server 10.213.0.10 the source IP is 10.213.0.20 instead of the router IP ...
I tried changing the static NAT to DNAT and SNAT, but the result is the same.
Maybe somebody has experience with this case.
My config:
set security nat source pool snat-pool address 1.1.1.1/32
set security nat source rule-set hairpin-nat from routing-instance 55555
set security nat source rule-set hairpin-nat to zone UNTRUST
set security nat source rule-set hairpin-nat rule hairpin-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set hairpin-nat rule hairpin-nat-rule then source-nat pool snat-pool
set security nat destination pool hairpin-pool address 10.213.0.10/32
set security nat destination rule-set HAIRPIN from routing-instance 55555
set security nat destination rule-set HAIRPIN rule rule-hairpin-destination match source-address 10.213.0.0/24
set security nat destination rule-set HAIRPIN rule rule-hairpin-destination match destination-address 2.2.2.2/32
set security nat destination rule-set HAIRPIN rule rule-hairpin-destination then destination-nat pool hairpin-pool
set security policies from-zone TRUST to-zone TRUST policy default-permit match source-address any
set security policies from-zone TRUST to-zone TRUST policy default-permit match destination-address any
set security policies from-zone TRUST to-zone TRUST policy default-permit match application any
set security policies from-zone TRUST to-zone TRUST policy default-permit then permit
set security policies from-zone UNTRUST to-zone TRUST policy default-permit match source-address any
set security policies from-zone UNTRUST to-zone TRUST policy default-permit match destination-address 10.213.0.10
set security policies from-zone UNTRUST to-zone TRUST policy default-permit match application any
set security policies from-zone UNTRUST to-zone TRUST policy default-permit then permit
Thanks in advance!
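For comparison, here is an added example of a hairpin NAT configuration for the same addresses. It is not the poster's config and not taken from the Juniper KB article; it assumes that both the clients in 10.213.0.0/24 and the server 10.213.0.10 sit in zone TRUST, and it uses interface-based source NAT so that the server sees the SRX's trust-side interface address as the client. The rule-set, pool, policy and address-book names are made up for the example.

```junos
# Added example: hairpin NAT for 10.213.0.20 -> 2.2.2.2 (server 10.213.0.10).
# Assumes zone TRUST contains both the clients and the server.

# Destination NAT: translate the public address back to the server for
# traffic arriving from zone TRUST (the inside clients).
set security nat destination pool hairpin-pool address 10.213.0.10/32
set security nat destination rule-set HAIRPIN from zone TRUST
set security nat destination rule-set HAIRPIN rule rule-hairpin-destination match source-address 10.213.0.0/24
set security nat destination rule-set HAIRPIN rule rule-hairpin-destination match destination-address 2.2.2.2/32
set security nat destination rule-set HAIRPIN rule rule-hairpin-destination then destination-nat pool hairpin-pool

# Source NAT scoped TRUST -> TRUST. Destination NAT runs before source NAT,
# so this rule matches on the already-translated server address. The server
# then replies to the SRX interface, which keeps the return path on the
# firewall session instead of going directly to the client.
set security nat source rule-set hairpin-snat from zone TRUST
set security nat source rule-set hairpin-snat to zone TRUST
set security nat source rule-set hairpin-snat rule hairpin-snat-rule match source-address 10.213.0.0/24
set security nat source rule-set hairpin-snat rule hairpin-snat-rule match destination-address 10.213.0.10/32
set security nat source rule-set hairpin-snat rule hairpin-snat-rule then source-nat interface

# Intra-zone policy limited to the hairpinned server rather than "any".
set security address-book global address srv-10-213-0-10 10.213.0.10/32
set security policies from-zone TRUST to-zone TRUST policy hairpin-permit match source-address any
set security policies from-zone TRUST to-zone TRUST policy hairpin-permit match destination-address srv-10-213-0-10
set security policies from-zone TRUST to-zone TRUST policy hairpin-permit match application any
set security policies from-zone TRUST to-zone TRUST policy hairpin-permit then permit
```

After committing and opening a test connection from 10.213.0.20 to 2.2.2.2, the operational commands `show security flow session destination-prefix 10.213.0.10`, `show security nat source rule all` and `show security nat destination rule all` show whether both translations were applied on the same session. The point of the example is that the source NAT rule-set is scoped from zone TRUST to zone TRUST: a source NAT rule-set whose "to" side is the UNTRUST zone is never consulted for a flow that stays inside TRUST, so the server would see the client's real address and answer it directly, bypassing the firewall session.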