Hi!
If a subnet or a range of IPs from the office LAN is used for addressing of the dial up vpn users, this subnet/range must be explicitly routed back to the firewall on all servers that have to be reachable through the vpn. Another option is to configure static ARPs for these IPs on the trust interface. That's why it is always better to use a separate network for the dial up vpn users.
You can dynamically assign IPs (also DNS and WINS addresses if supported by the client) to the dial up users if they are configured as IKE+XAuth users. You should configure an IP pool (Objects --> IP Pools) and select it under VPNs --> XAuth settings. I would recommend to read ScreenOS Concepts & examples, Virtual private networks, Chapter 5. A good example can be found under the title "Shared IKE ID". It should be read in combination with C&E , User Authentication, Chapter 5 "XAuth Users and User Groups".
Kind regards,
Edouard