Hi Ross! We're transitioning from E2k3 to E2k10 and trying to publish Exchange services through ISA 2006 SP1. All our efforts to make this scenario work have failed. We can't avoid having our 2k3 users deal with a double sign-in scenario, first on ISA, then on the legacy.domain.local OWA web site. We have one external URL and one SAN certificate (no legacy name on it) and tried to get the seamless redirection, but it didn't work. We tried adding a second certificate to a second legacy Web Listener for legacy.domain.com to match the scenario you describe in this post, and it didn't work either. So we've ended up publishing E2k3 and E2k10 as two completely independent scenarios, with a legacy rule for OWA on the URL mail.domain.com/exchange and another one for /owa, but we're probably going to face issues with EAS and OA. It seems that the three elements involved (ISA 2006, the E2k3 Front-End server, and the CAS array) can't share a common authentication method that would make the whole process seamless. ISA needs FBA, CAS needs Basic, and so does the FE2k3, but then communication between CAS and FE2k3 doesn't work without a double sign-in, because it only works correctly between those two if there's FBA... but then ISA has HTML too!!!!
Maybe it's because of the two-domain scenario we have (domain.local and domain.com), or maybe it's just something about authentication on the FE2k3 side that keeps it from working seamlessly, but... honestly, we've tried hard and it doesn't seem to work properly.