This is certainly possible although the details will vary depending on the equipment that you choose. One popular way of doing this is to have 3 ports on your firewall, one of which leads to a completely separate DMZ segment. This has the advantage of isolating the publicly accessible portion of your customer's network from the private part, thereby enhancing security.
Assuming you are planning on using IPSec as your VPN, you will want to ensure that you configure its policy to allow non-VPN packets to bypass IPSec. RFC 2401 has more about IPSec policies, but you will need to consult your firewall/VPN's user's manual for details on the default policy and configuration.
Dig Deeper on MSPs and cybersecurity
Related Q&A from Jon Snader
Learn how to set an IP address on the network interface of a FTP/Web/mail server when a client has only one public IP address. Continue Reading
To connect to a WAN remotely, your client can use a VPN client or a leased line. Learn the pros and cons of WAN connectivity with each option, such ... Continue Reading
When using ISA 2000, some users can lose connection to the network and experience packet loss even if the VPN client is still connected. Learn how ... Continue Reading