Is there any reason why the address range assigned for Network Connect is on the same subnet as the Juniper box is on?
Is there a way that will allow me to assign a different address range from a different subnet and still network connect?
TIA
Normally it's not on the same subnet; you can use any IP range you want for the virtual NC pool.
We tried changing the address range from 10.11.0.101 - 120 (for one department) to 10.1.0.1 - 20 and, although still able to access the VPN, Network Connect does not work. Can't remember the exact error message but will go test it again and get back to you.
The idea is that if you use an IP pool with a different subnet than the interface subnet, you should configure the routing properly at your devices.
Your routing should forward traffic with dst addr = IP pool to the SSL-VPN.
You can use any IP range even if it's not on the same subnet as the internal interface, as long as the routing is set up to point back to the SSL VPN box for all routing devices. Can you tell me what the error is that you are getting?
Did you configure the access list for that network?
Alternatively you can configure VLAN interfaces on the Juniper and assign the given roles to the VLAN interface. That will also change the non-NC users to be on the IVE's IP on the given VLAN rather than its native IP. That's what we do to allow some users to get on their "home" subnets when using the VPN.