|"I don't want them to access the internet"|
Then your dream is dead.
How do you think a remote user is going to access your network and a program on your network remotely?
Before the internet there was dialup. In your case you would need a modem bank of 500-1000 modems. Additonally you would need a toll free number with 500-1000 phone numbers off that in hunt so they could make long distance calls with no cost to them.
In the modern world, with folks traveling, stayin at hotels with internet access or conferance centers with internet access everyone vpns into their corporate network to run programs and check email either via a corporate mail server or an internet hosted mail server.
The internet is the road that transports what the user is doing to your network. Even ssh has to go thru the internet. VPNs are better in my opinion.
I would add that with 500-1000 users you need an enterprise solution and this will be in the 10's if not 100,000's of dollars.
You would need multiple internet connections and multiple vpn firewalls to handle just the incoming access not to mention what you need behind the firewalls to support their network access.
Consider instead of contracting for web hosting and have a ISP host your program. Users would still need internet access though they could be restricted to just that site which hopefully would also provide mail services. This will still cost you many $1000s per month.