I do not know of a way to accomplish this. I believe that whenever the IPSec VPN is enabled, it will take precedence and traffic will pass through it. The only workaround I can think of is disabling the tunnel until it is needed.
yes that is what thought. I will initiate a feature request, since with Cisco we do not have such issues (...but others)
Having IPSec VPN as a fallback path would be a nice thing to have.