Buon giorno,
basically, what you need to do is set up both th BRI interface on the 1700 and the ISA server as each other´s peer. The configuration on the 1700 would look like this (all IP addressing is arbitrary):
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key cisco123 address 192.168.1.2
!
crypto ipsec transform-set myset1 esp-3des esp-md5-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 192.168.1.2
set transform-set myset1
!
match address 100
!
interface BRI0
ip address 192.168.1.1 255.255.255.252
crypto map mymap
!
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
half-duplex
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 BRI0
!
access-list 100 permit ip 172.16.1.0 0.0.255.255 172.16.2.0 0.0.255.255
On the ISA side, I am not sure if the ISA 2003 has a wizard similar to the 2004, but have a look at this document:
Configuring IPSec Tunnel Mode VPN Between ISA Server 2004 and Cisco PIX v6.3.1
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ipsecvpn.mspx
Although the endpoint in this example is a PIX, the procedure for the ISA is the same.
Let me know if this helps, and if you need more help to get this to work.
Regards,
GNT