You can set this environment up, but it will require an additional website license because you're running it under 2 different domains. Once you have that license set up, you'd need to set up the ability to sync the database with another database.
That all being said, you could very well leave the intranet public but require logins for everything. Your logins could be done through Active Directory using Kentico so they only have to manage one set of user accounts. There are other solutions to this as well but it all depends on your environment setup and what is allowed and what isn't.