What you are asking is called "Split DNS" or "Split Tunneling". The VPN appliance must support this OR you can manually enter the IP address and hostname information into your hosts file.
From How to set up a split-tunnel VPN in Windows Vista:
You also asked about split tunneling, so let's take a moment to explain that concept before walking through the process of creating a VPN connection.
By default, when you create a VPN connection, Windows funnels all of the communications from your computer through the VPN. So, if you're logged into a corporate VPN from home to check your email, all of the other Web surfing you're doing on your computer is also being run through your corporate network. This is the default behavior because, from the company's point of view, it's the safest way and ensures all traffic is protected regardless of the destination.
You might not want this behavior, however, for a couple of reasons. First, it allows your company to inspect all of your personal Web traffic while connected to the VPN. Second, it will likely slow down your access to the Web, as everything must first be sent through the VPN.
Split tunneling, on the other hand, configures the VPN connection so that only traffic headed to computers on the corporate network is sent through the VPN connection. Other traffic leaving your computer goes out through your normal network connection.
Follow these steps to set up a VPN connection in Windows Vista that uses split tunneling:
- From the Control Panel, choose "Network & Internet."
- Click "View Network Status and Tasks."
- Click "Manage Network Connections."
- Right-click on your VPN connection and select "Properties."
- Select the "Networking" tab.
- Highlight "Internet Protocol Version 4 (TCP/IP v4)."
- Click "Properties."
- Click "Advanced."
- Uncheck the "Use default gateway on remote network" box.
- Click "OK" three times to close the windows you opened.
From that point forward, only traffic destined for your corporate network will be sent through the VPN. All other traffic will use the local network.
EDIT1
The information that the Cisco VPN client is used wasn't in the original post, and it basically changes everything and greatly complicates any final solution.
The biggest problem is that the VPN server must have been configured to allow split tunneling. Otherwise, it just sandbags you in your computer.
Second, you can attempt to configure according to the Cisco article Configuring Cisco VPN Client 3.5 and the Cisco Integrated Client to Secure Nonencrypted Traffic While Using Split Tunneling.
However, I can recommend from my experience one solution that solves the problem without any additional configuration. This solution is simply to install and call the Cisco VPN client from a virtual machine. Even if the Cisco client then attempts to sandbag you in, it will only sandbag the virtual machine, rather than your computer. Your own computer stays free and able to use the Internet, while the VPN is used from the virtual machine.
EDIT2
The Cisco VPN client creates a tunnel, which can be voluntary or compulsory. The type of the tunnel is dictated by the administrator of the VPN server to which you connect. The compulsory tunnel will cut off all access to any external computer, including the LAN, and is what I called the "sandbox".
For more information, see Compulsory Tunneling in the following articles.
If you wish to become an expert in everything VPN, a good book is most recommended, since there is just too much information.
I guess by connection to the internet you mean websites in particular. In that case you would need a firewall that can route packets based on port/protocol or zones.
It's easy to do with Linux; unfortunately I can't help with Windows, but I think it's worth taking a look at the Windows firewall of Windows 7, as it supports zone-based configuration for each interface.
Maybe some Windows expert will explain that :) – matthias krull – 2010-07-30T13:51:03.677
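To check which mode a VPN connection is actually in after the steps in the answer above, this added example (not part of the original answer, the quoted article or the comment) parses `route print -4` output and reports whether the lowest-metric default route leaves through the VPN adapter. The sample route tables, the addresses and the function names are constructed for illustration, and the VPN adapter's local IP is assumed to be known.

```python
import ipaddress
import re

# Constructed `route print -4` samples (not captured from a real host).
# Assumed addresses: 192.168.1.50 = home LAN adapter, 10.8.0.6 = VPN adapter.
FULL_TUNNEL = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50   4250
          0.0.0.0          0.0.0.0         On-link          10.8.0.6     26
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    281
Persistent Routes:
"""
# The same host after "Use default gateway on remote network" is unchecked.
SPLIT_TUNNEL = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     25
         10.0.0.0        255.0.0.0         On-link          10.8.0.6     26
         10.8.0.6  255.255.255.255         On-link          10.8.0.6    281
Persistent Routes:
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"
ROW = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+{IP}\s+(\d+)\s*$")

def active_routes(text):
    """Yield (network, interface_ip, metric) for each active IPv4 route."""
    section = text.split("Active Routes:", 1)[-1].split("Persistent Routes:", 1)[0]
    for line in section.splitlines():
        m = ROW.match(line)
        if m:  # header and separator lines do not match and are skipped
            dest, mask, _gateway, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            yield net, iface, int(metric)

def classify(text, vpn_ip):
    """Return (mode, prefixes routed through the VPN adapter)."""
    routes = list(active_routes(text))
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if not defaults:
        return "no-default-route", []
    best = min(defaults, key=lambda r: r[2])  # lowest metric wins
    mode = "full-tunnel" if best[1] == vpn_ip else "split-tunnel"
    # Prefixes sent into the tunnel, ignoring defaults and /32 host routes.
    via_vpn = sorted(str(n) for n, i, _ in routes
                     if i == vpn_ip and 0 < n.prefixlen < 32)
    return mode, via_vpn
```

A "split-tunnel" result with an empty prefix list means nothing but the VPN endpoint itself is routed into the tunnel, so corporate subnets still need explicit routes.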