New Remote Site (Active Directory)

Afternoon all,
I'm trying to work out the best way of doing something:

Let's assume the following: two sites, connected via a Layer2 point-to-point link.
We would want the second site on a different subnet than the main site.

How would you go about creating the basics of the other site, firewall & DCs?

I've a few ideas in mind but I was wondering what directions you all would take...

Thanks.

--
Process I was considering:
- Create VM for DC for site2.
- Run ADPrep
- Add new DC to domain
- Run DCpromo
- Create new site/subnet in S&S MMC
- Place new DC on its new subnet & site
- Set TMG to allow routing to new subnet
- Test
- Send packaged VM to new site.

Rough outline admittedly...
 
OK this is odd.

Created the new DC on a new subnet.
- AD appears to replicate.
- I can ping to anything on the main subnet.
- I can ping from the main subnet to the new subnet.

BUT
- DNS doesn't appear to want to pass recursive queries to other DNS servers.
- Can't access file shares from new DC to file server on old subnet.
- Sites & Services, the connections have only automatically generated between the new DC and one of the old DCs.
- Can't get on the net even though the firewall is set up....

Odd...
 
Appears to be fine when on its own subnet with its own firewall.

Problem now is that the VPN connection between two TMG firewalls doesn't appear to want to work.
Set as PPTP for now (for testing), it lets pings from the remote network's TMG to the main network, but not the other way around, or other clients on the remote network.
With logs on the main network's firewall saying it's denied because "the destination is unreachable"? Or, if trying RDP, "the policy rules do not allow the user request".

What's strange is that in Routing & Remote Access, the remote server connecting via PPTP only appears as a normal PPTP client on the main site's firewall!?

Any ideas?
 