Then do it the other way.
open the ISA gui.
Select the firewall policy on the left - right-click it and select new - access rule
Give it a name, select allow
Select the remote desktop/terminal services protocol
In the from box, select internal from the list of networks
In the to box, select external, all users
Apply the policy