@shez1983 No, actually i copy and paste my answer to my original question to make it clear what i asked.. :) (sorry if it make you confuse)
maybe VPN is the best approach right now.. i just searching posibility to solve this problem as my question.. i just hold my question cause i still research this..
If it's an internal system, they have internal IPs that will access the website?
If so, restrict all logins to those IPs (/16 range or whatever) but allow certain user accounts to access from anywhere? I don't really understand if that's what you mean but that's the best bet. Also use their IP to resolve it to a country/ISP and lat/lng. I use an API for that http://dazzlepod.com/ip/me.json