with "off domain" you mean outside of your network, right? So then an Agent Handler in your DMZ is most likely what you need. See Chapter 10 of the ePO Product Guide. The Agent Handler installation files are in the "agenthandler" subdirectory of your ePO installation files. See also PD22508.
Moved to ePO for better support.
Best advice I can give to you is to get to the epo5 platform. I think you will have/create issues when you want to migrate later on with EEPC active (at least I think I have read that somewhere).
Will eventually save you a lot of misery if you need to migrate after.
About off domain...I have to redirect you to Frank Enser's correct answer.
Agent handler (or an ePO even) in the DMZ (agent handler is nothing more then a guidless ePO, or actually more like a registered ePO server) will do most tricks. Dont forget to open up the nessecary ports to and from the DMZ to your ePO server and SQL. All is in the product guide.
Now if you mean by OFF domain that your ePO server isnt in the same domain then look up the LDAP connection you can set in the Server Settings. By doing so you can verify systems even when your ePO is not in the same domain or even in any domain for that matter. (I master several domains with just one ePO server which is perfectly possible).
Have a read up in the manual as well about registered servers (there are some options as well to your liking). (you can work with that since 4.6 I believe, so your 4.5 wont be compatible then)