ok, I assume these addresses are in the same /29 as your eth3 interface ip. If they are in the subnet no configuration by the ISP is needed.
This command in your posted config does enable proxy arp.
set arp nat-dst
Follow these instructions to create the vip and policy.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB4740
Be sure to leave the check box off on server auto detection.
If this does not work run debug flow basic on the connection attempt use your source address for the capture and your destination address.
If this comes up empty just use your known source address to see what the SSG sees in the traffic.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB12208
If this is still empty of the desired forwarding run a snoop packet capture on eth3 just your source address to verify the packets are seen.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB5411