Thanks to Adrian Umpleby (a.umpleby at imperial.ac.uk) for this suggestion:
As discussed elsewhere in this FAQ-o-Matic, SSH can be used to securely
tunnel a VNC connection. So if you can run an SSH client on your VNC Server,
you can set up a tunnel that bypasses the firewall protecting your server.
The key is to use a "remote port forward", or "reverse tunnel", initiated
beforehand from an SSH client running on the target VNC Server. You'll need
to connect that SSH client to an external machine which is running an SSH
server. This SSH server should be any machine that can easily be reached
by the VNC Viewer machine (it can even be the VNC Viewer machine itself).
Once the tunnel is created, you simply point your VNC Viewer to the tunnel
endpoint you created on your SSH Server, and the data will find its way
back through the SSH tunnel to the SSH client, and so into the VNC Server.
For example: suppose your VNC Server is set up to listen to "Display 1", and
it has an SSH client installed. Suppose it's also set up to "AllowLoopback"
connections. From your VNC Server, start up the SSH client with the command:
ssh -l username -R 5901:127.0.0.1:5901 SSH-server-address
Note especially the "-R" switch for "Remote Port Forward". This is instead
of the more common "-L" switch for "Local Port Forward" used in SSH tunneling.
Once that connection is established (you'll of course be prompted for
username's password on the SSH-server), start up a VNC Viewer and connect it
to Display 1 on the SSH-server: "SSH-server-address:1". That will find its
way through the tunnel to the VNC Server.
As you can see, it's not for the faint of heart. But it works.
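The same reverse tunnel as a small script, added here as an example (it is not part of the original suggestion), which builds the command with forwarding-only and fail-fast options. The function names and the display limit of 0-99 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: builds the FAQ's "ssh -R" command with defensive options.
# Function names are hypothetical; the 0-99 display limit is an assumption.

# Map a VNC display number to its TCP port (display N listens on 5900+N).
vnc_port() {
    case "$1" in
        ''|*[!0-9]*|0?*|???*)
            echo "display must be an integer 0-99 without leading zeros" >&2
            return 1 ;;
    esac
    echo $((5900 + $1))
}

# Accept only plain user/host names. A value starting with "-" would be
# parsed by ssh as an option, so it is rejected here.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the command to run on the VNC Server machine.
#   $1 = display, $2 = user on the SSH server, $3 = SSH server address
reverse_tunnel_cmd() {
    port=$(vnc_port "$1") || return 1
    valid_name "$2" && valid_name "$3" || {
        echo "invalid user or host name" >&2
        return 1
    }
    # -N: forwarding only, no remote shell is started.
    # ExitOnForwardFailure=yes: exit if the remote listener cannot be
    #   created (e.g. port already in use) instead of idling with no tunnel.
    # Leading 127.0.0.1: asks for a loopback-only listener on the SSH
    #   server; the server's GatewayPorts setting has the final say.
    echo "ssh -N -o ExitOnForwardFailure=yes -l $2 -R 127.0.0.1:$port:127.0.0.1:$port $3"
}

# Open the tunnel only when asked:
#   sh tunnel.sh --run 1 username SSH-server-address
if [ "${1:-}" = "--run" ]; then
    cmd=$(reverse_tunnel_cmd "$2" "$3" "$4") || exit 1
    exec $cmd   # safe to word-split: names were validated above
fi
```

With sshd's default "GatewayPorts no", the forwarded port listens only on the SSH server's loopback address, so a viewer running on that machine connects to "localhost:1"; reaching the port from other hosts requires the SSH server's administrator to change that setting.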