Thursday, May 3, 2018

Internal Firewall Question

I'm trying to set up a small company's network that will ride off of a larger company's network. For legal reasons, small co will be firewalled (Check Point) behind larger co's network, with a fiber uplink between buildings. They will use some applications of the larger company, and the larger company's internet service is being used as well. So basically it is almost like the larger company's network is one big DMZ for the smaller co. They just added the requirement of having a domain trust between the cos. Domain trusts require un-NATted connections with a ton of ports open between domain controllers, so I'd like to open up traffic from small co's few servers (172.16.10.x) to a couple of server VLANs in larger co (10.10.10.x, 10.10.11.x).
I've considered just bringing those VLANs straight over on the switch, but the company doesn't really want to extend their server network across buildings. I've also considered setting up a VPN (seems an odd way to do this for internal traffic), but I wanted to know if I can do this just with routing, ACLs and NAT rules; I'm not sure. Right now larger co is plugged into the WAN interface and small co into the LAN interface, but I'm confused about how to get by the outbound NAT rules for the servers. Maybe I should just reconfigure with both on a trusted interface and just use ACLs to restrict traffic with no NAT. Any thoughts?
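A model of the "routing plus ACLs, no NAT for the trust traffic" option, written as an added example rather than anything from the post or a Check Point configuration: a first-match rule table in which the domain-trust rules between the networks named above are exempt from NAT and sit above the general hide-NAT rule. The port list, the 172.16.0.0/16 summary for small co, and the rule names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Ports an AD trust commonly needs (DNS, Kerberos, RPC mapper, LDAP/GC, SMB, kpasswd)
# plus the dynamic RPC range. Sample set: confirm against the actual DC configuration.
TRUST_PORTS = frozenset({53, 88, 135, 389, 445, 464, 636, 3268, 3269}
                        | set(range(49152, 65536)))

SMALL_CO_SERVERS = "172.16.10.0/24"                         # from the post
SMALL_CO_NET = "172.16.0.0/16"                              # assumption: rest of small co
LARGE_CO_SERVER_VLANS = ("10.10.10.0/24", "10.10.11.0/24")  # from the post


@dataclass(frozen=True)
class Rule:
    name: str
    src: Tuple[str, ...]
    dst: Tuple[str, ...]
    ports: Optional[frozenset]  # None = any destination port
    action: str                 # "accept" or "drop"
    nat: str                    # "none" = routed unmodified, "hide" = outbound hide NAT


# First match wins: the un-NATted trust rules must sit above the general hide-NAT rule,
# and the explicit drop keeps other server-VLAN traffic from falling through to it.
POLICY = [
    Rule("ad-trust-out", (SMALL_CO_SERVERS,), LARGE_CO_SERVER_VLANS, TRUST_PORTS, "accept", "none"),
    Rule("ad-trust-in", LARGE_CO_SERVER_VLANS, (SMALL_CO_SERVERS,), TRUST_PORTS, "accept", "none"),
    Rule("server-vlans-other", (SMALL_CO_NET,), LARGE_CO_SERVER_VLANS, None, "drop", "none"),
    Rule("outbound-apps-internet", (SMALL_CO_NET,), ("0.0.0.0/0",), None, "accept", "hide"),
]


def evaluate(src: str, dst: str, dport: int) -> Tuple[str, str, str]:
    """Return (rule name, action, nat) of the first matching rule; unmatched traffic is dropped."""
    s, d = ip_address(src), ip_address(dst)
    for r in POLICY:
        if (any(s in ip_network(n) for n in r.src)
                and any(d in ip_network(n) for n in r.dst)
                and (r.ports is None or dport in r.ports)):
            return r.name, r.action, r.nat
    return "cleanup", "drop", "none"


if __name__ == "__main__":
    for pkt in [("172.16.10.5", "10.10.10.20", 445),    # trust traffic: allowed, no NAT
                ("172.16.10.5", "10.10.10.20", 3389),   # RDP to server VLAN: dropped, never NATted
                ("172.16.10.5", "203.0.113.10", 443)]:  # internet via larger co: hide NAT
        print(pkt, "->", evaluate(*pkt))
```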
