Hi,
I understand you are referring to tunnel.4, and everything is working fine for this VPN.
As I said, it's always good practice to segregate VPN and LAN using different zones, so you can configure the security policy and other screen features, e.g. tear drop, syn-flood etc., accordingly on each zone/interface.
It's always good to segregate the traffic/users depending on their common security needs using zones, e.g. we use the trust zone for LAN, untrust for public/ISP and DMZ for the servers.
Please let me know if you have any further doubts etc.
Thanks,
Vikas