http://faq.gotomyvnc.com/fom-serve/cache/88.html
How can I connect to a VNC Server that's behind an unconfigured firewall?
This FAQ is almost as popular as:
How can I get a VNC Viewer to connect through a firewall I don't control?
Here's the usual situation: someone that you offer tech-support for
(a school, a parent, a prison inmate) is on a LAN that's behind a
firewall they'd love to set up correctly, but email still confuses
them, and you're not about to ask them to "port forward TCP 5900".
But you still want to connect to their PC with VNC to help remotely
administer their system.
This is exactly what the VNC Server "Add Client" command is meant for.
With this command, the world is turned upside-down: the VNC Server
initiates a connection to an awaiting VNC Viewer (i.e., a Viewer set up
to be in "Listen Mode"). Once the connection is made, the person on the
Viewer side has a session just like a "normal" VNC session (only
without the password challenge).
The "add client" connection from the Server to the Viewer uses TCP
port 5500 instead of port 5900 like a "normal" connection does. This
means that almost everything you know about SSH tunnelling can also
be applied to "Add Client" connections. Groovy.
One more thought about listen-mode connections: they require that someone
or something at the VNC Server side of the connection initiate the session.
So suppose you have a PC at work, behind a corporate firewall that you do
not control. You can set up a VNC Viewer in Listen-Mode at your home, and
then use software such as "Windows Scheduler" to run something like this
every minute/hour/day:
"c:\...\RealVnc\WinVNC -connect my.home.ip.address::5500"
In this way, your work-PC will attempt to connect on a regular basis to
your home-PC, giving you VNC control over a PC behind a firewall.
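Because a listen-mode session skips the password challenge, whoever runs the network may want to know which internal hosts are dialing out to TCP 5500 on a schedule. The following is an added example, not part of the original FAQ or of any VNC product: it scans firewall log lines for that pattern, and the log format, addresses, function names and thresholds are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

LISTEN_PORT = 5500  # listen-mode port named in the FAQ above
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a hypothetical firewall log format.
SAMPLE_LOG = """\
2024-05-01T09:00:02 ALLOW TCP 10.1.4.23:49812 -> 203.0.113.7:5500
2024-05-01T09:00:40 ALLOW TCP 10.1.4.51:50110 -> 198.51.100.9:443
2024-05-01T10:00:03 DENY TCP 10.1.4.23:49977 -> 203.0.113.7:5500
2024-05-01T10:17:30 ALLOW TCP 10.1.4.88:51002 -> 198.51.100.20:5500
2024-05-01T11:00:01 ALLOW TCP 10.1.4.23:50231 -> 203.0.113.7:5500
2024-05-01T12:00:04 ALLOW TCP 10.1.4.23:50410 -> 203.0.113.7:5500
"""
LINE_RE = re.compile(r"^(\S+) (ALLOW|DENY) TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    return any(addr in net for net in RFC1918)

def find_reverse_vnc(log_text, min_hits=3, jitter=60):
    """Report internal hosts dialing out to TCP 5500, one entry per (src, dst)."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m.group(5)) != LISTEN_PORT:
            continue
        ts, _action, src, dst, _dport = m.groups()
        try:
            # Blocked attempts count too: the host still tried to dial out.
            if is_internal(src) and not is_internal(dst):
                attempts[(src, dst)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # unparsable address or timestamp
    findings = []
    for (src, dst), times in sorted(attempts.items()):
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps) if gaps else 0.0
        # Periodic: enough attempts, and every gap within `jitter` seconds of
        # the median gap, which is the trace a scheduled "-connect" job leaves.
        periodic = len(times) >= min_hits and all(abs(g - mid) <= jitter for g in gaps)
        findings.append({"src": src, "dst": dst, "hits": len(times), "periodic": periodic})
    return findings
```

On the sample data the host 10.1.4.23 is reported as periodic (four attempts about an hour apart), while the single connection from 10.1.4.88 is listed but not marked periodic.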
How can I get a VNC Viewer to connect through a firewall I don't control?
Talk about a FAQ! Something very much like this appears at least once
a week on the VNC mailing list:
"I'm at work on my office PC. It's connected to a LAN that's behind
a firewall and a web proxy that I know nothing about. The IT guys
set up my web browser and email so that they work. But, I have a VNC
server running at home, and when I start a VNC Viewer and type in my
VNC Server address, I get "connection failed" errors. How can I
connect to it?"
The usual first response to this is more instructional than helpful:
if the IT guys at your workplace don't allow VNC Viewers to work behind
their firewall, they might have a really good reason. If you accomplish
any "tricks" to bypass their security, you might just find yourself in
hot water with your employer. So ask permission first.
Once you have permission, the easiest way is to do it like this: set up
an SSH tunnel between your work PC and your home PC. Many SSH clients are
HTTP-proxy aware, including the very popular PuTTY SSH client. Follow
these instructions for setting up an SSH tunnel with PuTTY; just be
sure to add the correct "Proxy" information into the "Connection"
settings of PuTTY:
Using PuTTY's SSH on Windows
The above example presumes that the VNC Server is running on Linux, but
it of course works perfectly well if you're running on Windows too. Once
you've got this set up correctly, your VNC Viewer traffic will pass right
through your workplace firewall and proxy, just like your Web browser
traffic does.