As you may know, allowing TFTP through ISA was not an easy task in the past.
It looks that the future version of ISA, Threat Management Gateway (TMG) will include a TFTP filter, see Microsoft's About application filters article.
The TFTP filter in TMG Beta 1:
I've quickly tested it, trying to download or upload some files over a VPN connection to a TFTP server behind TMG from a VPN client. It worked very nice.
It was a straight process to allow TFTP for the VPN client, I've simply created an access rule allowing TFTP:
The TFTP filter is by default bound to the TFTP protocol:
Analyzing TMG's logs, we can see that TMG has allowed the server's response(which used to create problems, since the server chooses a different source port):
