Is it possible to configure and IPSec site-to-site tunnel between the ISA Server and a router?
I tried it and it was not working correctly. The IPSec tunnel came up and the ISA Server received encrypted packets and decrypted them. But the problem was that returning traffic was routed normaly - so the ISA Server didn't encrypt these packets.
I've never tried it, and I don't recall anyone else saying that they have been able to do it. However, I don't see any obvious reasons why it wouldn't work, as long as you create the appropropriate packet filters, and IPSec policy. But you do bring up a good question, and that is how does ISA Server handle the routing of the packet set by the IPSec policy? Don't know! But it would be nice to find out.