Hi,
You men you want to give them access to only few/specific Internet resources? The best way to achieve this is via an integration with a web proxy servers, you do the policies there. If you don't have this, you could use twice NAT and allow NAT to happen only for specific destinations. Like for example:
same-security-traffic permit intre-interface
nat (outside,outside) source dynamic ABC interface destination static XYZ XYZ
in ABC object you define the VPN pool
in XYZ object you define the allowed Internet resources that users can access
Regards,
Cristian Matei.