Apparently the means SEP uses to detect unmanaged computers is not a routable protocol - as you say, it MUST reside on the SAME subnet.
I've got one of the SEM/P servers acting as a detector on one subnet - the server subnet here.
Then we've got over 30 other subnets, and I enable one here and there randomly on occasion, as there are also a great number of false alerts: it finds access points and other items as being computers running XP with no SEP, and occasionally reports a valid SEP computer as unmanaged. So it's a tool only; use it in conjunction with other things, not as the only means to find such holes.
In the land of VMware and ESX and virtual switches and virtual NICs, it's going to cause you frustration... and it keeps showing me unmanaged machines, all with the VM MAC addresses, and there are no such machines running any Windows OS.
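The two practical points in this post (the detector only sees its own subnet, and the alert list is full of VM MACs and already-enrolled hosts) can be turned into a small triage step before anyone chases an "unmanaged" alert. The script below is an added example, not Symantec's code or anything from this thread: it assumes you can export the detector's alerts as IP/MAC pairs and a list of IPs already managed by SEP, and it uses constructed sample data and a hypothetical detector subnet of 10.1.0.0/24. The VMware OUI prefixes are the publicly registered ones.

```python
"""Triage helper for SEP unmanaged-detector alerts (added example, not Symantec code)."""
import ipaddress
from typing import Dict, Iterable, List

# Publicly registered VMware OUIs (first three MAC octets). A host reporting one
# of these is a virtual NIC, which matches the VM false positives in the post.
VMWARE_OUIS = {"00:50:56", "00:0c:29", "00:05:69", "00:1c:14"}

# Constructed sample alerts as a detector on 10.1.0.0/24 might report them.
# These are made-up hosts, not real detector output.
SAMPLE_ALERTS = [
    {"ip": "10.1.0.57",  "mac": "00:0C:29:4A:1B:22"},   # VMware auto-generated MAC
    {"ip": "10.1.0.120", "mac": "3C:5A:B4:11:22:33"},   # already enrolled in SEP
    {"ip": "10.1.0.201", "mac": "F0:9F:C2:01:02:03"},   # genuine candidate to check
    {"ip": "10.7.3.15",  "mac": "B8:27:EB:AA:BB:CC"},   # not on the detector's subnet
]
SAMPLE_MANAGED = {"10.1.0.120"}            # constructed: IPs the SEPM already manages
DETECTOR_SUBNET = "10.1.0.0/24"            # hypothetical: where the detector lives


def normalize_mac(mac: str) -> str:
    """Lower-case and use ':' separators so OUI lookups are consistent."""
    return mac.lower().replace("-", ":")


def mac_oui(mac: str) -> str:
    """Return the vendor prefix (first three octets) of a MAC address."""
    return ":".join(normalize_mac(mac).split(":")[:3])


def on_detector_subnet(ip: str, detector_subnet: str) -> bool:
    """The detector is link-local, so a reported IP should lie inside its own subnet."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(detector_subnet, strict=False)


def classify(alert: Dict[str, str], detector_subnet: str, managed_ips: Iterable[str]) -> str:
    """Label one alert so the 'investigate' bucket is the only one a person needs to open."""
    if not on_detector_subnet(alert["ip"], detector_subnet):
        return "off-subnet"          # likely a misread; the detector cannot see routed hosts
    if alert["ip"] in set(managed_ips):
        return "already-managed"     # the post's 'valid SEP computer reported as unmanaged'
    if mac_oui(alert["mac"]) in VMWARE_OUIS:
        return "vm-mac"              # the post's phantom VM machines
    return "investigate"


def triage(alerts: List[Dict[str, str]], detector_subnet: str, managed_ips: Iterable[str]) -> Dict[str, str]:
    """Map each alerted IP to its triage label."""
    managed = set(managed_ips)
    return {a["ip"]: classify(a, detector_subnet, managed) for a in alerts}


def uncovered_subnets(site_subnets: Iterable[str], detector_subnets: Iterable[str]) -> List[str]:
    """List site subnets no detector overlaps, i.e. where unmanaged hosts stay invisible."""
    detectors = [ipaddress.ip_network(s, strict=False) for s in detector_subnets]
    gaps = []
    for s in site_subnets:
        net = ipaddress.ip_network(s, strict=False)
        if not any(net.overlaps(d) for d in detectors):
            gaps.append(str(net))
    return gaps


if __name__ == "__main__":
    for ip, label in triage(SAMPLE_ALERTS, DETECTOR_SUBNET, SAMPLE_MANAGED).items():
        print(f"{ip:<12} {label}")
    # Constructed site list: only the server subnet has a detector, so the rest are gaps.
    print("no detector on:", uncovered_subnets(
        ["10.1.0.0/24", "10.2.0.0/24", "10.7.0.0/16"], [DETECTOR_SUBNET]))
```

Running it leaves a single "investigate" host from the four sample alerts, and the coverage check prints the subnets that need a detector enabled before the tool can say anything about them; that second list is the honest scope of what the detector is telling you.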