OWA behind ISA works but Active sync give error - An HTTP 403 error

ISA has two nic; first nic connected to external broadband with multiple static ip addresses and second nic to internal LAN where Exchange, DC and rest of the servers/clients are connected.

So far from ISA i have published OWA with the SSL (www.instantssl.com). Usesr from outside typeshttps://mail.mycompany.com where they are prompted with outlook web access form. They can successfully logon with their domain username & passwd to send/receive emails.

Now i am trying to setup Exchange Activesync so that users can use their phones to setup the email. This is what i did:

Created another rule to publish exchange
- selected Exchange 2007
- ticked on Exchange Activesync
- entered myexchange1.mycompany.com
- selected Accept requests for "This domain name" - and typed mail.mycompany.com
- created new web listener - selected External networks with diff ip than the one used with OWA weblistener - used 443 as port - selected certificate as mail.mycompany.com - selected Basic Authentication
- selected the above web listener
- Added All Users

Now from my iphone if i setup as
email: user1@mycompany.com
server: mail.mycompany.com
domain: mydomain
username: user1
password: ********
use ssl: ticked

When i access the mail app, it gives error

Exchange Account
Unable to verify account information.

ISA Logging shows followings:
Action: Denied Connection
Rule: Default rule
Source Port: 52291
Dest Port: 443
Result Code: 0xc004000d FWX_E_POLICY_RULES_DENIED
Log Record Type: Firewall

From a PC from my home if i type

https://myexchange1.mycompany.com/Microsoft-Server-ActiveSync Server not found page displays
https://mail.mycompany.com/Microsoft-Server-ActiveSync will redirects page to outllok web access form

From PC in Lan if i type this in the browser
https://myexchange1.mycompany.com/Microsoft-Server-ActiveSync
I get a login username and password box. Once i type a correct username and password i get just blank page with no errors.

Also within a lan i can successfully access email using
https://myexchange1.mycompany.com/owa/
or
https://mail.mycompany.com

What could be the problem.

i tried this website to test the activesync
https://www.testexchangeconnectivity.com

and this is what i got

Testing HTTP Authentication Methods for URL https://mail.mycompany.com/Microsoft-Server-Activesync/.
The HTTP authentication test failed.
Additional Details
An HTTP 403 error was received because ISA Server denied the specified URL.

Help will be much appreciated. thank you.