I'm not sure if I understand exactly what you are asking, but you can have access to both networks, through a VPN tunnel, but it may require you to define two "connections" in the VPN setup. Same endpoints for both, but different local or remote subnets in each definition. Is that what you are trying to avoid?
i trying to avoid that if i define one connection in the vpn setup, i can have access to both networks (two different local subnets) modifing the filter rules or this isn´t possible?
If you are planning to connect roadwarriors you could select Any as remote network 0.0.0.0/0 - that is a yes If you are planning to interconnect networks you'd need two Security Associations - that is a no.
I'm not aware of a way to do it exactly how you want, since you cannot use network groups in the VPN connections.
Most of the VPN devices that let you define the VPN rule as a group of hosts/networks to another group of host/networks still establish multiple VPNs behind the scenes.
You may have to define two VPN connections with Astaro instead of one, but it should still do everything you need it to do.
Why not use static NAT rules to map the services on your DMZ that you need to access, into your Internal net? Then, when you VPN into your Internal network, you have the best of both worlds, access to everything you need.
