Your two sites, on either side of the IPSEC tunnel, appear to be on the same IP range. For ease of configuration, I would probably change one of the ranges to a different subnet/IP range. It will just help you to avoid any strange routing issues or any further complex config work.
You can always configure your IPSEC policy to pass all traffic between the subnets or just the IPs of the two DCs. You then don't need to worry about restricting/opening ports so much... unless it's of a particular security concern for you.
I would suggest running DCPROMO etc. whilst the server is on site with you; that way you can make sure your replication is working correctly and concentrate on any potential routing issues once it's on the remote site. You don't need trusts because you're already on the same domain. Sounds like you have the basic idea of what needs to be done though, hope this helps a bit! Don't forget, if you do configure it locally first, you would then need to change the IP address once on the remote site and update any DNS/WINS addresses etc. for this server.
Edited by dirtdog900, 03 July 2012 - 02:22 PM.