Here is tutorial how to connect to a VNC server behind a firewall that only allows SSH traffic. You can tunnel the VNC traffic through an SSH connection with SSH access to the VNC server.
Connect to the VNC server with SSH and forward the local client's 5904 TCP port to the port 5901 of the VNC server, e.g.:
$ ssh firstname.lastname@example.org -L 5904:*:5901
Open new window and direct vncview to your localhost and port 5904 so the traffic will be forwarded to your VNC server's port 5901:
$ vncview localhost:5904
Be sure that client's firewall doesn't blocks port 5904 on localhost:
$ su -c "iptables -L"