Hi,
I assume you are referring to an Remote Access VPN on an ASA and using AnyConnect?
You could issue certificates to computers/users of the 2nd domain from the 1st domain (that the ASA can already authenticate) or if the 2nd domain has it's own CA, you should be to define another Trustpoint on the ASA and therefore the ASA would trust either CA and could authenticate connections using either certificate.
So therefore they don't necessarily need to be part of the same domain, it would make things easier for you though.
HTH