Are you talking about vpn connection or restricting access? I guess it is about restricting access.
It won't work on ISA but you will need AD with GPO, and it depends on what you want to do. However you still can 'lock down' users: - restrict USB access with hardware ID - edit TCP/IP settings to force authentication on ISA server - force a network on a user All those policies will eliminate the need to find out what the user does with another internet modem. You can do it with local policies as well, but it's way simpler to do it on the whole network.
For ISA, yes you can log internet flow, but it won't help you for what you want to do. Also keep in mind, if you want to do it once in a while or all the time. If it's once a while, you can log internal flow with ISA, if it's all the time, you need SQL to record the logs.
I hope i answered your question, if not, let me know.