I understand that you are using policy based dial-up vpn. By default it should be using IKE gateway interface as source zone(e.g. Untrust).
So you would be using a policy e.g: set policy from "Untrust" to "Trust" "Dial-Up VPN" "(Trust zone Subnet)" "ANY" tunnel vpn "(vpn name)"
Above policy will restrict vpn users to the trust zone subnet only. If you are using "any" as trust zone subnet then specify the subnet to restrict the access. Also, if you are configuring proxy-ID in the vpn client then you may need to modify that as well to bring up the vpn.
Thanks,
Vikas