I set up an Active Directory with 2 domain controllers. Each is within a physically separated network with one public IP behind a firewall. If I open a VPN tunnel on one server, the replication works. But I want to make the replication work without a manual VPN connection (although it is now a scheduled task, a user session is still necessary). The plan is to implement a direct server connection, for instance by using IPsec. Therefore, I created two AD sites and, as far as I understand, I put the public IP of one network in the IP address field in the "add subnet" wizard. Is this correct? What subnet mask do I need to add, /0? Would I then configure port forwarding to the internal server address on the firewall?
Is this concept going to work, or would it be easier to set up a VPN tunnel between the networks and use different IP ranges? This would require new routers.
Thanks in advance for any help!
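For reference, the site, subnet and site-link objects that drive inter-site replication can be defined from PowerShell on a DC. This is an added example, not from the poster; the site names, the two private LAN ranges and the DC names are assumed placeholders.

```powershell
# Added example (not from the original post): define two AD sites, the
# internal subnet of each, and the site link between them. Site, range and
# DC names below are assumed placeholders for the poster's environment.
Import-Module ActiveDirectory

$sites = @{
    'Site-A' = '10.10.0.0/24'   # assumed internal LAN range behind firewall A
    'Site-B' = '10.20.0.0/24'   # assumed internal LAN range behind firewall B
}

foreach ($site in $sites.Keys) {
    if (-not (Get-ADReplicationSite -Filter "Name -eq '$site'")) {
        New-ADReplicationSite -Name $site
    }
    # A subnet object associates addresses with a site; it carries the
    # private range the DC actually has, not the firewall's public address.
    New-ADReplicationSubnet -Name $sites[$site] -Site $site
}

# Link the two sites over the IP transport; the replication interval is in
# minutes and cannot be set below 15.
New-ADReplicationSiteLink -Name 'SiteA-SiteB' -SitesIncluded 'Site-A','Site-B' `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

# Move each DC's server object into its site (assumed DC names).
Move-ADDirectoryServer -Identity 'DC1' -Site 'Site-A'
Move-ADDirectoryServer -Identity 'DC2' -Site 'Site-B'

# Check replication state once the tunnel between the networks is up.
repadmin /replsummary
repadmin /showrepl DC1
```

`repadmin /showrepl` lists each inbound partner and the last success or error for it, which is the quickest way to see whether the link is actually carrying replication traffic.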