Log on to Forefront TMG server as an administrator. Start menu>All Program>Click Forefront TMG management>Expand Forefront Server>Right Click on Firewall Policy>Click New>Click Exchange Web Client Publishing Rule>Type Rule Name>Click Next>Select Exchange 2010 from Exchange version>check Exchange ActiveSync. Click Next. Now follow the screen shots for rest of the configuration.
Click Finish and Apply changes.
Once, Exchange ActiveSync published. Now You have to setup authentication type mentioned earlier. Click on E-Mail Policy>Select E-Mail Policy Tab>Select SMTP/Internal/External Policy you have created earlier for Outlook Web Access using Forefront TMG 2010: Publish Outlook Web Access and Exchange Servers using Forefront TMG 2010 this link. Double click on the policy>click Listener Tab>Click on Advanced>check same authentication type (for example: basic authentication) selected in this rule. Apply and Ok. Repeat all other rules you have created such as OWA, Outlook Anywhere.
In the exchange ActiveSync publishing rule, I have selected basic authentication. So I have to setup authentication type in the IIS of CAS server placed in DMZ or perimeter. Now log on to Exchange CAS server. Start menu>Administrative Tools>Internet Information Services (IIS) manager>Click Default Web Site. On the right hand side window, double click on Authentication. Now select basic authentication>right click and enable basic authentication. If you have selected different authentication type in exchange publishing rule then select and enable the authentication type as appropriate for your situation.