Is there any way to achieve this without port forwarding then?
It just seems to be a pretty basic thing to want to be able to administer more than one Mac on the same router.
I think TeamViewer achieves this without any form of port forwarding (it's just needs to be run on each machine and a randomly selected password chosen on one machine and that password entered on the other.
1. Setup a VPN on the networks where the clients are. Connect the VPN then you can access all Macs within the network.
2. Go to logmein.com and setup a free Hamachi network account. install the clients on all Macs and you can control as many as you want no matter where you or the clients are.