Is your existing vpn from the ssg remote site to the HA site route based vpn?
If so, you can simply add the route to the PAN site on the SSG remote site.
Expand the security policy to permit the traffic on both SSG remote and HA
And this VPN is ready to go.
PAN requires setting up policy vpn on the PAN side.
So here you will add the ssg remote site subnet paired with the local PAN subnet to this VPN
On the SSG HA side if this is a policy vpn I am pretty sure you have to change this to route based for straight pass through connections between the two remote sites.
In addition to the normal route based setup, you also then need to create the proxy-id pairs that match the policies installed on the PAN device.