DMZ comes in a number of styles and types; not all work well.
There is a good chance some ports may have already been used by BTMM if you happen to have that set up on a computer in the network or the TC.
See the list from Apple.
Both 500 and 4500 are allocated to BTMM.
Once a port is allocated it cannot be reallocated even with DMZ.
That is one of the limitations of the NAT system, and why we need to move to IPv6 and have a publicly addressable IP on everything.
I would bridge the TC and use the U-verse as the main router. You are just making a setup that is already a problem more complicated. If you really want to clean it up, get a plain bridge modem from AT&T and use a proper VPN router. Do not use VPN to an internal server; VPN directly to the WAN of the router. It is much more reliable. Internal VPN is fine to dial out, not to dial in.