ISA Server 2004 SP2 makes some changes to the way that destinations specified for direct access are handled.
The piece of UI in question is the direct access list in the Web Browser tab of the network properties, under the heading "Directly access these servers or domains".
Prior to SP2, if a requested destination name was in the list, it was accessed directly. With SP2, a requested name in the list is still accessed directly, unless IP addresses are included in the list. In that case, an attempt is made to resolve the site name to an IP address, and access is direct only if the resolved IP address is found in the list.
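The following added example (not ISA Server code and not from the original post) models the two rules described above so that a list can be checked for names that stop bypassing the proxy once it contains IP addresses. The `*.domain` wildcard form, the treatment of unlisted names, the injected `resolve` callable and all sample names and addresses are assumptions made for the illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

def split_entries(entries):
    """Split a direct access list into IP-address entries and name entries."""
    ips, names = set(), []
    for entry in entries:
        try:
            ips.add(ipaddress.ip_address(entry))
        except ValueError:
            names.append(entry.lower())
    return ips, names

def name_listed(host, names):
    # Assumption: a domain entry is written as a "*.domain" wildcard.
    return any(fnmatchcase(host.lower(), pattern) for pattern in names)

def direct_pre_sp2(host, entries):
    """Pre-SP2: a listed name is accessed directly."""
    return name_listed(host, split_entries(entries)[1])

def direct_sp2(host, entries, resolve):
    """SP2: if the list holds any IP address, the resolved IP must be listed too."""
    ips, names = split_entries(entries)
    if not name_listed(host, names):
        return False          # unlisted names: not covered by the post, modelled as not direct
    if not ips:
        return True           # names only: same as before SP2
    try:
        return ipaddress.ip_address(resolve(host)) in ips
    except (KeyError, ValueError):
        return False          # no usable resolved address, so none is found in the list

def changed_by_sp2(hosts, entries, resolve):
    """Hosts that were direct before SP2 but are not under the SP2 rule."""
    return [h for h in hosts
            if direct_pre_sp2(h, entries) and not direct_sp2(h, entries, resolve)]

# Constructed sample data (documentation names and addresses).
DNS = {"intranet.corp.example.test": "192.0.2.10",
       "partner.example.test": "198.51.100.7"}
ENTRIES = ["*.corp.example.test", "partner.example.test", "192.0.2.10"]
HOSTS = ["intranet.corp.example.test", "partner.example.test",
         "wiki.corp.example.test", "www.example.test"]

if __name__ == "__main__":
    for host in changed_by_sp2(HOSTS, ENTRIES, DNS.__getitem__):
        print("no longer direct under SP2:", host)
```

In the sample, a single IP entry in the list is enough to change the outcome for a listed name whose address is not in the list and for a listed name that does not resolve.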
The bottom line recommendation is to add entries to the list as follows:
I think it was recognized that this would create confusion, but it was too late to change the model. Maybe in an upcoming version anonymous connections will only match anonymous rules? --Tom