This "problem" was also encountered by myself. I was ready to kick myself square in the rear when I figured out the solution: The ISA is assumed to be dual homed with the default gateway pointing to the external NIC and a persistant route established for all internal "default" routes. The SSL certificate installed on the ISA server contains a "friendly" name or url. This name must match the name defined in the redirect area of the web publishing rule as well as in the https [protocol] allow filter section. Modify your /winnt/system32/drivers/etc/hosts file to include the same name used in the step above and bind it to the internal IP address of the destination site. All will be well with the world at this point.