Can anyone point me to a howto or other tutorial that might provide some insight into solving this problem...
Two buildings "A" and "B", each with its own LAN made up of C3750 switches. A 2800 router is at each building and a fiber optic WAN point-to-point line connects between the two routers. Each building has its own separate IP address network, and very limited traffic is allowed to pass across the routers between the two networks. In fact, all traffic is shut off by ACLs in the routers, except that a limited number of workstations in building "A" are permitted to access some applications on a very specific, limited, enumerated set of host addresses and TCP ports in building "B" and vice versa. Opening up broad ranges of hosts and/or ports in either router's ACL lists is strictly forbidden.
The dilemma is that there is a desire to install one Cisco VoIP phone system across the two buildings' LANs as if they were one single network and one single organization when they are in fact two separate organizations on the data network side of things... the data networks must remain strictly separated except for the limited amount of individual host-to-host traffic.
Is it at all possible to create a separate voice VLAN that spans both buildings so that the phones will work seamlessly, while preserving the relative isolation of the two separate data networks? The Cisco PC apps such as Attendant Console, video conferencing, etc., would have to work seamlessly from PCs on the data networks in either building too. It would also have to be so secure that there would be no possible way at all for an unauthorized workstation in either building to then be able to circumvent the routers' ACLs and gain access to any unpermitted host in the other building. Security of the data networks is of such paramount importance that even an accidental breach could bring about severe punishment to the poor schmuck who's in charge of securing the networks.