Sorry for the confusion. What I copied there is the specific step in the instructions you link to that you need to change to have the tunnel setup for all the traffic to go to the SSG instead of split tunnel.
The ip addresses represent the traffic you are sending to the SSG side of the connect their sample network you need to change to the all networks address. 10.1.2.0/24 in your configuration was changed to whatever you have for local resources. 0.0.0.0/0 means instead send all traffic to the SSG.
You client gets a /32 out of a pool configured on the SSG in the instructions you link the pool is 10.2.21.1-254. Whatever you set this pool to is the address that will be going to the internet when the client is connected.
You create a policy then from this pool range zone to the untrust zone to allow inernet access. and on the advanced tab enable source nat with the egress interface.