1. Use the same domain; it is easier and requires fewer domain controllers.
2. You can use any VPN connection that can handle dynamic dial (such as Routing and Remote Access, which comes with Windows Server).
3. Yes, you can use the same VPN tunnel between the sites for that. Or you can configure RPC over HTTP so that the Outlook users in the remote site access the Exchange Server over the internet with the connection encrypted by SSL, so that you aren't wasting bandwidth over the VPN. Granted, it'll probably be the same network connection, but this way the VPN server isn't doing all the encryption of the traffic; each user's workstation would encrypt and decrypt its own network traffic.
4. Yes, you can install ISA at each site to control the Internet connection. You should put ISA on another server so that your domain controller isn't connected to the public internet.