I have to second that, and ask a couple of questions:
I will be standing up a 2006 ISA box soon. Right now, I have a 2004 ISA box used for OWA only. I have a forest with two domains and this ISA box is accessing the OWA on the Exchange box in Domain1 (the ISA box is a member of Domain1). I was told to stand up an ISA box for Domain2 for the OWA on the Exchange in that domain. I believe this to be a waste of resources but am not sure how to make the ISA for Domain1 work with the other domain. Just so you know, there are no restrictions on communications between these two domains. They are on separate subnets and I can put another NIC in for the other domain.
I am trying to get the company to allow me to put the Exchange boxes on the root servicing both domains...this would be much easier for many reasons, as I'm sure all reading this would agree. However, they are slow to act, so I must do things the wrong way to wait until I can convince them to do it the right way.
Is there documentation that tells me explicitly how to make this one ISA box work for both domains?
Incidentally - there is only one CA in the forest and it is the Exchange box in Domain1.
Also, I intend to upgrade the 2004 ISA box to 2006...is the upgrade as simple as putting the disk in and running a wizard? Or, must I wipe the box and start over?
Lastly, the previous person baselined the ISA 2004 box with Windows 2003 Enterprise. Can't the ISA Standard 2006 be on a Standard version of Windows 2003?
If the domains trust each other, the ISA firewall can authenticate users from both domains. If they don't, then we have to use some other mechanism.
For inbound OWA access, use the LDAP mapping feature. It's really cool! Check out this week's article for a couple of screenshots. Maybe I'll do an article on this setup next week, as it's pretty easy :)