Situations where contact addresses are needed

An example of a situation in which Contact Addresses are needed.

In this illustration, there are several remote engines that are managed through Management and Log Servers at a central site. NAT is typically applied at the following points:

The central site engine or an external router can provide the SMC servers external IP addresses on the Internet. The external addresses must be defined as Contact Addresses so that the remote engines can contact the servers across the Internet.
The central engine’s IP address can be translated by an external router. The external IP address must be defined as a Contact Address to allow VPN connections from the remote engines to the central site using that address.
NAT can also be applied at the remote sites (by external equipment) to translate the remote engines’ IP address. In this case, you must define Contact Addresses for the remote engines so that the Management Server can contact them. The communications between the remote engines and the Management Server can also be reversed, so that the remote engines open the connections to the Management Server and maintain the connections open while waiting for commands.

When Contact Addresses are needed, a single Location to group all remote sites might be enough. The SMC servers’ and the central engine's definitions must include a Contact Address for the “Remote Engines” Location. However, if VPN communications between engines from different remote sites are allowed, it is necessary to create a Location for each remote engine and to add further Contact Addresses for the engines.