If the existing security configuration cannot be changed, consider ISA Server 2004 for reverse-proxy configuraiton in the DMZ of existing firewalls.
Use the Enterprise version of ISA Server 2004 if redundancy and failover of ISA functionality is needed.
Never install any IIS components (except the SMTP service) directly on an ISA server.
Use the SMTP Screener service on a unihomed ISA server to secure SMTP mail flow to and from the Internet.
Use RADIUS or SecurID authentication when the ISA server is not a domain member.
Use a hosts file on the ISA server to properly resolve the FQDN of SSL-encrypted web pages, and use the full name in the ISA rule.
If needing a pre-built, pre-configured security solution for reverse proxy capabilities, consider the ISA Server 2004 appliances provided by third-party vendors.
Follow the securing procedures outlined in the other chapters of this book, only changing the listener network to point to All Networks when ISA is deployed as a unihomed server.