Here is the cast of characters:
1. blopr: A server that is behind a company firewall that I want to view its vnc session
2. netnet: A server that is on the internet that I have access to.
3. Me: The humble system admin who wants to view the VNC session on blopr.

Here is how I do it:

on Blopr:

vncserver :99 -depth 24 # and whatever other arguments you want to have.
ssh -R 5999:localhost:5999 root@netnet.example.com

On NetNet:

redir --lport=5989 --cport=5999 --caddr=127.0.0.1

On yours-truleys humble macbook pro:

vncviewer netnet.example.com:89  # enter the password for blopr's vnc session

Presto! You are in there my friend!

Bonus for you to try:  Suppose only SSH is allowed out from blopr?  This is left as an exercise to the reader.  But the trick is its very similar.