Is it possible to split tunnel on permanant l2l VPN?

So here's the scenerio...

I have a remote user who has a Cisco 881 running 12.4 IOS that connects to our corporate ASA 5510 via IPSEC l2l vpn. He also has a consumer DLink router that he would like to put behind the 881 for his family's PC's. The thing is, he does not want his family's traffic routed through the VPN.

Hopefully this can be done via the IOS so he doesn't have to resort to other VPN solutions like the Cisco VPN client or EasyVPN.

Current Config:
=====================================
Building configuration...

Current configuration : 3783 bytes
!
version 12.4
configuration mode exclusive auto
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname Cisco881
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 4096 informational
no logging console
no logging monitor
enable secret 5 xxxxxx
!
aaa new-model
!
!
!
!
aaa session-id common
clock timezone XXX -X
clock summer-time XXX recurring
!
!
no ip source-route
ip dhcp excluded-address 192.168.97.1
!
ip dhcp pool inside
import all
network 192.168.97.0 255.255.255.0
default-router 192.168.97.1
option 150 ip xxx.xxx.xxx.xxx
dns-server xxx.xxx.xxx.xxx
!
!
ip cef
no ip bootp server
ip domain name xxxxxxxxxxxx
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
!
!
!
!
username xxx.xxx.xxx.xxx privilege 15 secret 5 xxx.xxx.xxx.xxx
username xxx.xxx.xxx.xxx secret 5 xxx.xxx.xxx.xxx
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key xxxxxxxxxxxx address xxx.xxx.xxx.xxx
!
!
crypto ipsec transform-set vpn esp-3des esp-sha-hmac
!
crypto map CMAP_1 1 ipsec-isakmp
description Tunnel to xxx.xxx.xxx.xxx
set peer xxx.xxx.xxx.xxx
set transform-set vpn
match address 100
!
archive
log config
logging enable
logging size 200
notify syslog contenttype plaintext
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
ip scp server enable
!
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
no cdp enable
!
interface FastEthernet2
no cdp enable
!
interface FastEthernet3
no cdp enable
!
interface FastEthernet4
description WAN - FW_OUTSIDE
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map CMAP_1
!
interface Vlan1
description LAN - FW_INSIDE
ip address 192.168.97.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
ip nat inside source route-map RMAP_1 interface FastEthernet4 overload
!
access-list 1 permit 192.168.97.0 0.0.0.255
access-list 12 remark SNMP Access ACL
access-list 12 permit xxx.xxx.xxx.xxx 0.0.0.255 log
access-list 12 remark allow network management subnet
access-list 12 permit xxx.xxx.xxx.xxx 0.0.0.255 log
access-list 12 remark allow network monitoring subnet
access-list 12 deny any log
access-list 100 permit ip 192.168.97.0 0.0.0.255 any
access-list 101 remark allow network management subnet
access-list 101 permit tcp xxx.xxx.xxx.xxx 0.0.0.255 host 0.0.0.0 range 22 telnet log-input
access-list 101 remark allow network monitoring subnet
access-list 101 permit tcp host xxx.xxx.xxx.xxx host 0.0.0.0 range 22 telnet log-input
access-list 101 permit tcp host xxx.xxx.xxx.xxx host 0.0.0.0 range 22 telnet log-input
access-list 101 deny ip any any log-input

no cdp run

!
!
!
route-map RMAP_1 permit 1
match ip address 100
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
password xxxxxxxxxxx
no modem enable
line aux 0
line vty 0 4
access-class 101 in
exec-timeout 15 0
privilege level 15
password xxxxxxxxxxx
transport input ssh
!
scheduler max-task-time 5000
end
=====================================

I'm guessing it could be done by just modifying the ACL(s) and/or route-map, but I don't want to block out time for attempting this without getting some sort of confirmation that this is even possible first. I see all kinds of example configs using easyvpn and or a vpn client, but nothing like this (l2l vpn).

So, is it possible to split traffic using the above config?