Dear Erik,
If you can't connect to Internet, neither to the SEPM... there's no magic solution to get the updates, I am afraid.
In such scenario (a group of unmanaged clients in an isolated network, very common, indeed), the most used solution is to use an internal LiveUpdate server.
1) for that isolated location, set up an internal LiveUpdate server (i.e., LiveUpdate Administrator - LUA)
https://www-secure.symantec.com/connect/articles/knowledgebase-articles-liveupdate-administrator-lua
2) of course, you need to allow the connectivity between your LUA and Symantec servers and your clients and your LUA, i.e. the content flow will be: Symantec > your LUA > your isolated clients.
3) AFAIK, you can't export/import policies directly from the SEPM to the SEP, it should be SEPM-to-SEPM or SEP-to-SEP, hence:
3.1) in the SEP Manager, set up the LiveUpdate policy for those clients to use your LUA server
3.2) assign the same policy to a test client able to connected to the SEPM and the LUA
3.3) export the policies from the test client (once you know it works)
3.4) manually import the policies into your isolated clients
OR, for unmanaged clients:
4) http://www.symantec.com/business/support/index?page=content&id=TECH166129
Commucation with SEPM is not required if LUA is used, neither the sylink.xml controls this communication, the sylink.xml is about the communication with SEPMs, nothing else.