From: Sydney, Australia
doh! I forgot 'problem 2' IF images are being 'denied' then the ISA proxy logs will advise the rule that is doing this. Alternately if you expect they should be 'allowed' then if full logging (all fields) is enabled then it should indicate both the protocl rule and the site&Content rule that allow the access. if there aren't 2 rules listed in the logs then check the rule you would EXPECT is supposed to be allowing the access. Additionally, check the ISa server itself as well as client PC's for spyware/adware infections as well as modified hosts files that might be trying to redirect traffic for certain domains.