Go to the Manage Locations section and set up a Connected Location and a Remote - Disconnected Location.
Set the Connected location to be true if the client can contact the SEPM. Set the Remote - Disconnected to be true if it cannot contact the SEPM.
Enable Location awareness in the group policy. You will then be presented with two locations in the policies screen of a group. In the Connected location apply a LiveUpdate policy that downloads from the SEPM. In the Remote - Disconnected location apply a LiveUpdate policy that uses a LiveUpdate server, and choose the default of the Symantec LiveUpdate (internet).
That's all. It works well. You can even set the LiveUpdate button on the client to be enabled in the Remote - Disconnected location if you want to give your users the ability to update their definitions on demand as well.