IPSEC VPN routing problem
I need to use an IPSEC VPN to access a cluster of servers. The VPN connects correctly, but when it does, it adds a new default route so that all of my traffic goes through the VPN.
I'd like to route just a few IP addresses through the VPN.
I'm told that I should be able to re-order the services through the gear drop-down on the Network panel of System Settings. When I do that, however, the VPN does not show up in the list of services.
So I look at the routing tables manually. When I'm connected to the VPN, I see:
root# netstat -nr
Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            link#10            UCS           119        0   utun0
default            10.3.2.1           UGScI          35        0     en0
1.2.3.4            link#10            UHW3I           0        0   utun0
8.8.8.8            link#10            UHW3I           0      159   utun0      8
...
If I manually drop that first default route (using route delete default), I'd expect that I'd be able to access the 10.3.2 network as well as the open internet, and I'd be able to manually add routes for the IPs on the VPN that I want to talk to.
After I do this, the routing table looks like:
root# netstat -nr
Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            10.3.2.1           UGSc           56        0     en0
10.3.2/24          link#4             UCS             5        0     en0
10.3.2.1/32        link#4             UCS             1        0     en0
...
but I still don't regain the ability to talk to local resources on the 10.3.2 network, nor the general internet.
I'm obviously a n00b in the ways of networks. Any recommendations?
MacBook Pro with Retina display, OS X El Capitan (10.11.5)
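Added example, not part of the original post: a small shell/awk reader for `netstat -nr` output that reports which default route is the unscoped one (flags without `I`, the interface-scope flag) and which destinations use a given interface, run here on the two tables quoted above. The function names are hypothetical, and treating `utun*` as the VPN interface is an assumption taken from the post's output.

```shell
#!/bin/sh
# Constructed sample input: the two routing tables quoted in the post.
TABLE_VPN_UP='Destination Gateway Flags Refs Use Netif Expire
default link#10 UCS 119 0 utun0
default 10.3.2.1 UGScI 35 0 en0
1.2.3.4 link#10 UHW3I 0 0 utun0
8.8.8.8 link#10 UHW3I 0 159 utun0 8'

TABLE_AFTER_DELETE='Destination Gateway Flags Refs Use Netif Expire
default 10.3.2.1 UGSc 56 0 en0
10.3.2/24 link#4 UCS 5 0 en0
10.3.2.1/32 link#4 UCS 1 0 en0'

# Shared awk prelude: locate the Netif column from the header line, so the
# reader also works when the Refs/Use columns are absent. Falls back to 6.
HDR='BEGIN { n = 6 }
$1 == "Destination" { for (i = 1; i <= NF; i++) if ($i == "Netif") n = i; next }'

# Print "<netif> <gateway>" for the first unscoped default route. Default
# routes whose flags contain "I" are bound to one interface and are skipped.
primary_default() {
    printf '%s\n' "$1" | awk "$HDR"'
        $1 == "default" && $3 !~ /I/ { print $n, $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# Print every destination whose route leaves through interface $2.
routes_via() {
    printf '%s\n' "$1" | awk -v ifc="$2" "$HDR"' $n == ifc { print $1 }'
}

# Classify the table: does unbound traffic leave through the tunnel?
tunnel_mode() {
    dflt=$(primary_default "$1") || { echo "no-default"; return 1; }
    case "${dflt%% *}" in
        utun*) echo "full-tunnel" ;;         # assumption: utun* is the VPN
        *)     echo "split-or-no-tunnel" ;;
    esac
}

tunnel_mode "$TABLE_VPN_UP"
tunnel_mode "$TABLE_AFTER_DELETE"
```

On a live system the same functions can be fed `"$(netstat -nr -f inet)"` instead of the sample tables.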