There are a lot of reasons to not install ISA Server on a domain controller. First, the configuration can get complex and confusing for someone that doesn't have a lot of experience with Windows 2000/03 networking and ISA Server. Second, you're putting your family jewels on the edge of the network.
While it's unlikely that the ISA Server will ever be compromised , you can bet that it's going to be the ISA Server machine everyone is trying to break into. If someone does compromise the ISA Server that's running on a domain controller, they now have access to the most important component of your enterprise. It would be relatively easy to just delete your Active Directory database or corrupt it (in fact, you don't even need a hacker to get a corrupted Active Directory ).
Taken from :
When will ISA be supported on x64?
Is there now work around to get isa 2006 on x64??
MS never mentioned anything about this topic.
only that the new firewall client now support x64 machines.