Since ActiveSync role was published in ISA 2006 to my Exchange Server 2007 my Samsung i600 Windows Mobile 6 client start complaining with the warning message below.

"Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings.  Contact your Exchange Server administrator.
Support code: 0x85010004"

Before it was published with NAT and I have never seen this warning. I was not able to sync the mobile device anymore.

To fix this problem locate the Microsoft-Server-ActiveSync virtual directory in IIS MMC and uncheck Require secure channel (SSL) checkbox. Restart IIS.

This fixed my problem. Make sure you configure the internal SSL bridge to encrypt the data behind your ISA firewall. The communication between ISA and Exchange 2007 is not encrypted which is fine for lab, but for production generate a computer certificate on both ends for encrypted communication.