
firewall configuration
First of all, as long as there is a route to the domain controllers and the DNS servers serving OB2 have the correct SRV records, I don't see a problem with just joining the computers in OB2 to the domain in OB1. Make sure before you join them that the VPN tunnel is up; you can do this by pinging the domain controller before you attempt to join it to the domain. It is unlikely that the tunnel being down would keep the machines from being able to join the domain, but it doesn't hurt to have the tunnel established first. Remember, a VPN tunnel will eventually time out even if it's site to site, and it will only come back up when "interesting traffic" is seen attempting to traverse it.

If you want to use the same firewall in both locations, the easiest way is to set the router in OB1 to use the firewall as the gateway of last resort. This should force the router to send internet-bound traffic to the firewall for a routing decision. You will then have to set an interface on the firewall to be in the same external network as the router in OB1 so that you can configure the router to deliver inbound traffic to the firewall for routing inside your network.

That's how it could be done; however, I would not do it this way. There are several reasons. First of all, the fact that you have two separate internet connections will make this tricky and needlessly complex. The second thing is that communications between the two buildings will be slow. I don't know how big your organization is or what kind of equipment you are working with, but given the information in your question I'm guessing you don't have a lot of money. That being said, I would carefully consider buying another firewall for the first location; it will save you a headache not only in network speed and efficiency, but troubleshooting will be quicker and easier than if you go with the model you describe.

Let me know if this helps.

- J.Schupp
Posted by John.Schupp
17th Aug 2011
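The pre-join checks the reply above recommends (DNS SRV records present, tunnel up, DC reachable) and the join itself, as an added PowerShell example that is not part of the original post. The domain name corp.example.com, the DC locator record name and the port list are assumptions for illustration; Resolve-DnsName and Test-NetConnection need Windows 8.1 / Server 2012 R2 or later, and the script expects an elevated prompt on the OB2 workstation. It goes one step beyond the post: a successful ping only proves the tunnel is up, so it also checks the TCP ports a domain join actually needs, because a VPN ACL or firewall rule that passes ICMP but drops LDAP or SMB is a common reason a join fails after the ping succeeded.

```powershell
# Added example, not from the original post: pre-flight checks for joining an
# OB2 workstation to the OB1 domain across the site-to-site VPN, then the join.
# Assumed (hypothetical) values: domain corp.example.com; the DC locator SRV
# record _ldap._tcp.dc._msdcs.<domain> is published in the DNS the OB2 clients use.
# Requires PowerShell 4+ (Resolve-DnsName, Test-NetConnection); run elevated.

$Domain = 'corp.example.com'            # assumed domain name
$RequiredPorts = 88, 135, 389, 445      # Kerberos, RPC endpoint mapper, LDAP, SMB

# 1. Does the DNS server this client uses publish the DC locator SRV record?
#    Without it the client cannot find a DC regardless of what the VPN does.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$dcs = $srv |
    Where-Object { $_.QueryType -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique
if (-not $dcs) { throw "No DC SRV records for $Domain; fix the DNS settings in OB2 first." }
"Domain controllers advertised for ${Domain}: $($dcs -join ', ')"

# 2. Bring the tunnel up and confirm a DC answers. The first ping is the
#    "interesting traffic" that triggers the tunnel, so allow a few retries
#    rather than failing on the first unanswered echo.
$reachable = $null
foreach ($dc in $dcs) {
    for ($try = 1; $try -le 5 -and -not $reachable; $try++) {
        if (Test-Connection -ComputerName $dc -Count 1 -Quiet) { $reachable = $dc }
        else { Start-Sleep -Seconds 5 }
    }
    if ($reachable) { break }
}
if (-not $reachable) { throw "No domain controller answered ping; check that the site-to-site VPN is up." }
"Tunnel is up; $reachable answers ping."

# 3. Ping proving the tunnel is up is not the same as the join working: the
#    ports a join needs must also pass the firewall and VPN ACLs in both directions.
foreach ($port in $RequiredPorts) {
    $r = Test-NetConnection -ComputerName $reachable -Port $port -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { throw "TCP $port to $reachable is blocked; the join would fail." }
}
"All required ports to $reachable are open."

# 4. Join the domain with an account permitted to create computer objects
#    (by default any domain user, subject to the ms-DS-MachineAccountQuota of 10).
$cred = Get-Credential -Message "Account permitted to join $Domain"
Add-Computer -DomainName $Domain -Credential $cred -Force -Restart
```

Run it once per machine before the join; if step 1 fails, the problem is the OB2 DNS configuration, not the tunnel, and if step 3 fails the tunnel is up but the firewall or VPN policy is filtering the traffic the join needs. Domain joins also use dynamic RPC ports above 49152 (default on Server 2008 and later), which a single-port test cannot cover, so a clean result here is necessary but not sufficient.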