The PIX will not redirect traffic back out the same interface it came in on.
To have Internet access while connected to the PIX with the VPN Client, you must enable split-tunneling.
2. Create an access list that defines the PIX internal subnets to the pool of addresses used by the vpngroup, and then point the split-tunneling to that access list.
See the following partial PIX configuration.
ip address inside 192.168.0.0 255.255.255.0ip local pool vpnpool 172.16.1.1-172.16.1.254access-list WEB permit ip 192.168.0.0 255.255.255.0 172.16.1.0 255.255.255.0vpngroup CLIENTVPN split-tunnel WEB
ip address inside 192.168.0.0 255.255.255.0
ip local pool vpnpool 172.16.1.1-172.16.1.254
access-list WEB permit ip 192.168.0.0 255.255.255.0 172.16.1.0 255.255.255.0
vpngroup CLIENTVPN split-tunnel WEB