I want my users to have the ability to VNC out to one of our clients machines - lets say However I don't want to open the VNC ports fully and I am using a non standard port. I would love to be able to do this statefully so when they are done it will be closed again.

I've tried a filter like this:
Source: Private
Destination: Public
Packet Type: VNC_1
Protocol: TCP
Src ports: 1024-65535
Dest Ports: 9140-9143
Stateful Filtering: Enabled

Src Addr: Host
Dest Addr: Any

For some reason this does not work. I have even tried it with the public ip of the machine which VNC is running on in the dest addr field. I have a total of 6 people who might need to be doing this so I think a stateful filter should allow me to do that. When a user tried to go out with this the enter the address Then the VNC application shows trying to connect I am guessing that is the stateful filter doing what it is designed to do. I just don't know what the best way to accomplish this is. Any help would be appreciated. I read several posts by Craig and I just can't seem to get them to apply to my situation.