As far as I know, the Cisco VPN client doesn't support split tunneling. I think there are other open source clients, "vpnc" and "kvpnc", that have been mentioned on this list that do support split tunneling, but I've never used them.
That would explain the problem. I'd heard about vpnc but haven't tried it:
<http://www.unix-ag.uni-kl.de/~massar/vpnc/>
The problem is that my peer uses a Windows directory to authenticate against and vpnc requires:
(From the README)
If you don't know the Group ID and Secret string, ask your administrator. If (s)he declines and refers to the configuration files provided for the vpnclient program, tell him/her that the contents of that files is (though scrambled) not really protected and can be extracted using tools shipped with any Linux distribution.
But I now notice that there's a tool on the vpnc page to reverse out the group password from the Cisco profile for use in the vpnc config. So I may try that out.