I'm in a unique situation as I have 1000 sites with ~4000 clients and all of them are connected behind a NAT. The connection between the sites is a dedicated site-to-site VPN connection that provides reliable connections back to the ePO server. Currently every client is updating by going directly back to the ePO server. In the next year we expect to add an additional 2000 sites and 11,000 clients. For security reasons I cannot create any type of repository except an SA one (sorry, can't go into detail here). The problem is that when an agent or super agent reports back to the ePO server, it gives its actual IP address, not its NAT'd one, and when the ePO server pushes to the SA, it pushes to that IP address, not the DNS name. Now we go into the part where previous administrations' architectural decisions box you into a corner... Most of the equipment at each of these sites has the same IP addresses. If this was not the case I could set up routes back to the individual networks and call it done.
In a nutshell I either have to re-IP 15,000 devices or make the SuperAgent repository push via DNS name (which I can then translate and redirect).
Any suggestions would be greatly appreciated!