Due lots of questions on this subject we just published a post on ISA Server Team Blog about this behavior. If you are deploying ISA Server 2006 using NLB and wants to take advantage of IE7 Kerberos Authentication, read this article and see what to expect.