Hello there,
tough, tough, those unwanted inheritances :-)
Let's start at the bottom. Running ISA in a VM is no problem in most cases. The only thing I'm not sure about is whether Microsoft Support supports it if you put a query to them, but otherwise you should be fine. Hmm, re-reading this, then let me add that that's my experience with virtualization enviroments like VMWare VI3, vSphere and HyperV; I don't know what will happen on Xen or stuff like VMWare workstation etc.
A unihomed (=1 NIC) ISA can have it's uses. I use it, for example, for doing web-publishing for a complex backend farm (reverse-proxying, we call that). But you're right in that most installations are multi-homed.
The spoof attacks need not necesarily be "real" - ISA has a habit of seeing stuff as attacks that are not real. Have a real close look at the event log to see if the panic is justified.
Most likely your system policy settings are out of whack; that's what I gather from WSUS not being reachable.
What might be a good idea is to draw out a picture for yourself of what you want ISA to do in the first place. Then build a new VM (heck, it's virtual, so it's pretty much free). ISAServer.org has a bunch of tutorials that should then help you to build exactly what you need (
http://www.isaserver.org/articles_tutorials/installation_and_planning/) . Of course it would help if you'd be able to go to a newer version - 2006 is a lot more user friendly and let's you do some sweet stuff.
