In your travels through the various ISA publishing wizards, you may have wondered, "what exactly does ISA 2006 do that ISA 2004 can't?"
Here is the list, folks:
Ø Certificate authentication + Kerberos Constrained Delegation. Think EAS & OWA with user certificate authentication.
Ø Authentication Delegation for Basic, NTLM and Kerberos. ISA 2004 only had Basic Delegation.
Ø Web farm publishing using cookie or IP affinity. Provides many advantages over NLB at the Exchange FE servers.
Ø Client-aware authentication. Finally; a single listener for *all* Exchange web publishing!
Ø Code-page-aware web publishing. When the client application provides this information (most do), ISA can deliver language-specific error and logon/logoff pages.
Ø LDAP authentication for web publishing was added.
Ø Enterprise & Array Global and rule-local link translation. Your arrays & rules can share link translation settings!
Ø Certificate quality awareness (ISA 2004 SP2 has a *small* piece of this)
Ø Configuration Storage server connection via VPN tunnel (branch office scenario)
Ø Flood mitigation like no other. ISA 2006 can detect malware activity; not just “packet storms” (I know; I tested it!).
Ø
The envy of their peers for having deployed the kewlest firewall/proxy on the planet (the galaxy is still being evaluated).
Jim Harrison has written a good short post on the ISA product group blog aboutthe  new features…