Much of the whole, complete, and true answer depends
on how this machine is connected to the network(s).
One could start by configuring the server with two IPs.
In the IIS mgmt interface, in the properties of each site,
set the site for one of the IPs (instead of the default, all
unasigned). While in the properties of the internal site,
go into the directory security tab and set the site to not
allow anonymous access, and depending on your client
environment you would probably check that the internal
site uses Windows integrated authentication.
Next, make sure that the NTFS permissions on the content
of the internal site allow for your users but not for the
IUSR_/IWAM_ accounts used for anonymous access.
You may or may not be using host-based IP traffic control
of some form on that server, but if so you can define allowed
access to the internal site IP so it must originate from only
you internal systems.
However your server sits network-wise so that it does
respond to both external and internal requests, you need
to adjust this so that external only get to the intended, single
IP and so that responses from the internal site IP cannot go
out onto the internet.
Those are some starting points, not exhaustive, but do get
you toward a fairly safe separation of the site, provided
that the server is safe from invasions/exploits (untrusted
internal users, excess exposure to external netword).
