I can not see your address book but you need to move your source NAT policy up. Something like:
insert security nat source rule-set NAT_Internet rule Source_NO_NAT before rule Source_NAT_Trust_Any
Thsi is because the source NAT is performed before the policy match so the source address of the packet will no longer match the source address of the policy that directs traffic through the VPN tunnel.