You can use XAuth to auth users and provide specific IP assignments (via IP/NAT Pool), but the policy is unique to the VPN and not a user. You can restrict resources in the Policy, but the NetScreen Remote software has classful limitations and is unable to permit/deny multiple subnets. I would recommend using a Route Based VPN and then adding policy as needed (i.e. VPN 192.168.10.100/32 Trust 192.168.1.50/32 Permit). If you have users with different needs, you can assign them an IP instead of using an IP from the pool. This would allow you to leverage policies as needed. Does this help?
John Judge JNCIS-SEC, JNCIS-ENT,
If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.