Using Amazon Virtual Private Cloud : Configuring security groups : Connecting to a VPC through the internet (with NAT)
  
Connecting to a VPC through the internet (with NAT)
Configure a VPC without IPSec tunnel by modifying the security group of the AWS EC2 instances running the Discovery Agent:
1. Add the public IP address of the machines that access the server from outside the VPC, such as the virtual appliances in the customer data center.
2. Add the security group of the SteelHead-c (enable access to all ports).
3. On the SteelHead-c security group, do configure the following settings:
–  Add the public IP address of the machines that access the server from outside the VPC, such as the virtual appliances in the customer data center.
–  Enable access to port 7800 and port 7810 for TCP.
–  Add the private IP addresses of all local AWS instances running the Discovery Agent, allowing access to all ports for TCP and UDP.