Scenario - -ISA server located in the DMZ -CAS, HUB, Mailboxes in trusted network. -No edge server, 3rd party anti-spam/malware How does ISA server SECURLY handle CAS traffic back to the trusted network? SSL? I can't seem to find a document explaining that piece. What will give me the warm fuzzy that port 80/443 traffic will not be passed to my trusted network. Thanks, Steve

Check out this image: http://www.msexchange.org/img/upl/image0021180518493827.gif From this article: http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/publishing-exchange-client-access-isa-2006-complete-solution-part1.html