ActiveSync protection in ISA 2006 environment
Our document Exchange ActiveSync - Implementation Guide tells you how to protect ActiveSync which is published directly from Exchange server.
If you have ISA (or TMG) installed and have a firewall rule policy in it to publish ActiveSync, you should still follow that document.
On ISA, make sure "No Authentication" is selected in the authentication tab of its Web Listener.
Also, in Authentication Delegation tab, select "No delegation, but client may authentication directly",
That is all!
However, please make sure ActiveSync works under ISA before you add DualShield two factor protection on ActiveSync node of Exchange server.