I'd like to know if there is any way to force users on an inside interface to authenticate to an AAA server when trying to access resources on the outside interface? We have a very sensitive deployment coming up, and the ability to restrict outbound access at the user-level is a requirement.

I know that for Remote Access this is easy, but I don't know about LAN access.

Thanks,