Which is kind of the problem - I know when I worked in Cambridge, county simply refused to open up any incoming ports whatsoever (things might have moved on fractionally by now, of course). The only way I could think of getting remote access to our system was to write a proxy that worked in a similar way to Skype or LogMeIn - i.e. tunnel other traffic over an outgoing HTTP connection, with incoming traffic being sent inside the reply to another HTTP request. Stupendously wasteful of bandwidth, but there you go.
The point is with LogMeIn etc is that the person inside the firewall as to make the connection, they can't remote in.