You need to use the CVPN3000-IPSec-Split-Tunnel-list attribute.
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a0080205a47.html
You need to define your split tunneling lists on the concentrator but they do not get assigned there. In acs, you send the vpn3k attribute for the user or group with the list name, to the concentrator. The concentrator, when it gets the radius attribute, applies it to the appropriate vpn client.