Hi,
Unless you're using an old NSR version, split tunneling is enabled by default (see link). However, I feel there are limitations with NSR that make the SA Network Connect option a lot better. The main restriction is you can only specify one contigous subnet to be d per for tunneling per VPN using My Connections, Remote Party Identity and Addressing. In the SA, you can specify multiple subnet as needed. Also, unless you create a Route Based dial-up VPN, you can't route traffic from the client to a spoke via a hub like you can with the SA. I hope this helps.
http://kb.juniper.net/index?page=content&id=KB5794&actp=search&searchid=1245105207799
-John