Channel: All ScreenOS Firewalls (NOT SRX) posts

Re: NS 208 port forwarding


OK, this still isn't working.

 

Here is the config. It might be horrible, or not the best way to do it, but it works.

 

Total Config size 11659:

set clock ntp

set clock timezone -5

set vrouter trust-vr sharable

set vrouter "untrust-vr"

exit

set vrouter "trust-vr"

unset auto-route-export

exit

set service "Security" protocol tcp src-port 1-65535 dst-port 37777-37777 timeout never

set service "Security2" protocol tcp src-port 1-65535 dst-port 8554-8554 timeout never

set service "Security3" protocol tcp src-port 1-65535 dst-port 81-81 timeout never

set auth-server "Local" id 0

set auth-server "Local" server-name "Local"

set auth default auth server "Local"

set auth radius accounting port 1646

set zone "Trust" vrouter "trust-vr"

set zone "Untrust" vrouter "trust-vr"

set zone "DMZ" vrouter "trust-vr"

set zone "VLAN" vrouter "trust-vr"

set zone "Untrust-Tun" vrouter "trust-vr"

set zone "Trust" tcp-rst

set zone "Untrust" block

unset zone "Untrust" tcp-rst

set zone "MGT" block

set zone "DMZ" tcp-rst

set zone "VLAN" block

unset zone "VLAN" tcp-rst

set zone "Untrust" screen tear-drop

set zone "Untrust" screen syn-flood

set zone "Untrust" screen ping-death

set zone "Untrust" screen ip-filter-src

set zone "Untrust" screen land

set zone "V1-Untrust" screen tear-drop

set zone "V1-Untrust" screen syn-flood

set zone "V1-Untrust" screen ping-death

set zone "V1-Untrust" screen ip-filter-src

set zone "V1-Untrust" screen land

set interface "ethernet1" zone "Trust"

set interface "ethernet2" zone "DMZ"

set interface "ethernet3" zone "Untrust"

set interface "ethernet4" zone "Untrust"

set interface "ethernet7" zone "Trust"

unset interface vlan1 ip

set interface ethernet1 ip 192.168.0.1/24

set interface ethernet1 nat

set interface ethernet3 ip xx.xx.xx.xx/xx

set interface ethernet3 route

set interface ethernet4 ip xx.xx.xx.xx

set interface ethernet4 route

set interface ethernet7 ip 192.168.3.1/24

set interface ethernet7 nat

set interface ethernet3 gateway xx.xx.xx.xxx

set interface ethernet3 bandwidth egress mbw 100000 ingress mbw 100000

set interface ethernet4 bandwidth egress mbw 400 ingress mbw 400

unset interface vlan1 bypass-others-ipsec

unset interface vlan1 bypass-non-ip

set interface ethernet1 manage-ip 192.168.0.251

set interface ethernet7 manage-ip 192.168.3.251

set interface ethernet1 ip manageable

set interface ethernet3 ip manageable

set interface ethernet4 ip manageable

unset interface ethernet7 ip manageable

set interface ethernet1 manage mtrace

set interface ethernet3 manage ping

set interface ethernet3 manage ssh

set interface ethernet3 manage telnet

set interface ethernet3 manage ssl

set interface ethernet3 manage web

set interface ethernet4 manage ping

set interface ethernet4 manage telnet

unset interface ethernet7 manage snmp

set interface vlan1 manage mtrace

set interface ethernet3 vip xx.xx.xx.xx 37777 "Security" 192.168.0.108

set interface ethernet3 vip xx.xx.xx.xx + 8554 "Security2" 192.168.0.108

set interface ethernet3 vip xx.xx.xx.xx + 81 "Security3" 192.168.0.108

set interface ethernet1 dhcp server service

set interface ethernet7 dhcp server service

set interface ethernet1 dhcp server enable

set interface ethernet7 dhcp server enable

set interface ethernet1 dhcp server option netmask 255.255.255.0

set interface ethernet1 dhcp server option domainname cfl.rr.com

set interface ethernet1 dhcp server option dns1 65.32.5.111

set interface ethernet1 dhcp server option dns2 65.32.5.112

set interface ethernet7 dhcp server option lease 1440

set interface ethernet7 dhcp server option domainname cfl.rr.com

set interface ethernet7 dhcp server option dns1 65.32.5.111

set interface ethernet7 dhcp server option dns2 65.32.5.112

set interface ethernet1 dhcp server ip 192.168.0.10 mac 0017a4317875

set interface ethernet1 dhcp server ip 192.168.0.11 to 192.168.0.150

set interface ethernet1 dhcp server ip 192.168.0.3 to 192.168.0.9

set interface ethernet1 dhcp server ip 192.168.0.2 mac 0013723d9f48

set interface ethernet7 dhcp server ip 192.168.3.100 to 192.168.3.150

unset interface ethernet1 dhcp server config next-server-ip

unset interface ethernet7 dhcp server config next-server-ip

unset flow no-tcp-seq-check

set flow tcp-syn-check

set domain cfl.rr.com

set arp nat-dst

set address "Trust" "192.168.0.0/24" 192.168.0.0 255.255.255.0

set address "Trust" "192.168.0.100/24" 192.168.0.100 255.255.255.0

set address "Trust" "192.168.0.108/24" 192.168.0.108 255.255.255.0

set address "Trust" "192.168.3.0/255.255.255.0" 192.168.3.0 255.255.255.0

set ippool "VPN" xx.xx.xx

set ippool "VPN2" 192.168.25.100 192.168.25.200

set ike respond-bad-spi 1

unset ike ikeid-enumeration

unset ike dos-protection

unset ipsec access-session enable

set ipsec access-session maximum 5000

set ipsec access-session upper-threshold 0

set ipsec access-session lower-threshold 0

set ipsec access-session dead-p2-sa-timeout 0

unset ipsec access-session log-error

unset ipsec access-session info-exch-connected

unset ipsec access-session use-error-log

set xauth default ippool "VPN2"

set xauth default dns1 192.168.0.1

set xauth default wins1 192.168.0.1

set dns host dns1 65.32.1.65

set dns host dns2 65.32.1.70

set dns host dns3 0.0.0.0

set url protocol websense

exit

set policy id 3 from "Trust" to "Untrust" "Any" "Any" "IKE" permit

set policy id 3

exit

set policy id 6 name "Jewlery Store Employees" from "Untrust" to "Trust" "Dial-Up VPN" "192.168.0.0/24" "ANY" tunnel vpn "Jewlery Store Employees" id 13 log

set policy id 6

exit

set policy id 8 name "Administrator VPN" from "Untrust" to "Trust" "Dial-Up VPN" "192.168.3.0/255.255.255.0" "ANY" tunnel vpn "Administrator" id 9 log

set policy id 8

exit

set policy id 9 name "Admin Vpn 192.168.0.x" from "Untrust" to "Trust" "Dial-Up VPN" "192.168.0.0/24" "ANY" tunnel vpn "Administrator" id 10

set policy id 9

exit

set policy id 10 from "Trust" to "Untrust" "Any" "Any" "ANY" permit

set policy id 10

exit

set policy id 11 from "Trust" to "Untrust" "Any" "Any" "ANY" permit

set policy id 11 disable

set policy id 11

exit

set policy id 12 name "Security" from "Untrust" to "Trust" "Any" "VIP(71.43.114.139)" "Security" permit log

set policy id 12

set service "Security2"

set service "Security3"

exit

set pki authority default scep mode "auto"

set pki x509 default cert-path partial

set nsmgmt bulkcli reboot-timeout 60

set nsmgmt bulkcli reboot-wait 0

set ssh version v2

set config lock timeout 5

set license-key auto-update

set ntp server "pool.ntp.org"

set ntp server src-interface "ethernet3"

set ntp server backup1 "north-america.pool.ntp.org"

set ntp server backup1 src-interface "ethernet3"

set snmp port listen 161

set snmp port trap 162

set vrouter "untrust-vr"

exit

set vrouter "trust-vr"

unset add-default-route

exit

set vrouter "untrust-vr"

exit

set vrouter "trust-vr"

exit

