I've been tasked by my organisation to create an Always On VPN infrastructure. My organisation has two domains (DOM-A & DOM-B) that are in a trust relationship, but the plan is for it to be 'domain-agnostic' - the user at home will connect to a cloud load balancer and this can send their connection to the RRAS / Network Policy Server infrastructure in either domain.
The part I am unsure about is the certificates; if a DOM-A user that has user and machine certificates signed by the DOM-A PKI infrastructure gets their connection sent to DOM-B by the cloud load balancer, then presumably the connection will fail - is that right?
Can anyone give me a pointer to achieve the above, or is it simply not supported?
Thanks for any help.