If you didn't set up the PIX to do split-tunnelling, then ALL traffic from teh VPN client will be encrypted, meaning they'll lose their local access as well. You can set up split-tunnelling by following this:
http://www.cisco.com/warp/public/471/vpn3002pix-6421.shtml
Don't worry that this is for a hardware client, the config on the PIX side is the same. Note the "vpngroup ... split-tunnel" command, and how it interacts with an ACL. The ACL defines traffic from your internal network(s) going to the VPn pool of addresses (you can have more than one ACL line here if you have more than one internal network).
The next time the client connects only traffic destined for those internal networks will be encrypted.