The servers that run the scan must be able to reach the site being audited. Some customers have added URL parameters to the query string so that only someone who has the link can access the site. Alternatively, you can create firewall rules that whitelist the IP address of the ObservePoint servers so they can reach the internal site. If the site cannot be made accessible, it cannot be audited.
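The two access options described above, sketched as an application-level gate. This is an added example, not ObservePoint code. It assumes the check runs in the web application rather than on the firewall, and the network range, the `audit_token` parameter name and the token value are constructed placeholders.

```python
import hmac
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed placeholder: RFC 5737 documentation range, not real scanner addresses.
SCANNER_NETWORKS = [ipaddress.ip_network("203.0.113.0/28")]
# Hypothetical parameter name and constructed secret; generate your own random value.
TOKEN_PARAM = "audit_token"
AUDIT_TOKEN = "constructed-example-token-0123456789"


def ip_is_allowlisted(remote_ip, networks=SCANNER_NETWORKS):
    """True if the connecting address falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False  # malformed address: fail closed
    return any(addr in net for net in networks)


def token_is_valid(url, expected=AUDIT_TOKEN, param=TOKEN_PARAM):
    """True if the query string carries exactly one copy of the shared token."""
    values = parse_qs(urlsplit(url).query).get(param, [])
    if len(values) != 1:
        return False  # missing, empty or duplicated parameter: fail closed
    # Constant-time comparison so response timing does not reveal the token.
    return hmac.compare_digest(values[0].encode(), expected.encode())


def admit_request(remote_ip, url):
    """Admit the audit crawler by source address or by the secret link.

    remote_ip must be the real peer address of the connection, not a value
    copied from a client-supplied header such as X-Forwarded-For.
    """
    if ip_is_allowlisted(remote_ip):
        return "allow:ip"
    if token_is_valid(url):
        return "allow:token"
    return "deny"


if __name__ == "__main__":
    base = "https://intranet.example/"
    print(admit_request("203.0.113.5", base))
    print(admit_request("198.51.100.7", base + "?audit_token=" + AUDIT_TOKEN))
    print(admit_request("198.51.100.7", base + "?audit_token=guess"))
```

A token carried in the query string ends up in access logs, browser history and Referer headers, so rotate it once the audit is finished.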