ADSM-L

Re: ADSM and Firewall

1998-04-17 16:16:10
Subject: Re: ADSM and Firewall
From: "Sutton, Andy" <asutton AT SMMI DOT COM>
Date: Fri, 17 Apr 1998 15:16:10 -0500
Most good firewalls won't allow you to set it up to allow the kind of access
it sounds like you would need to get this working.  Here's what I did ...

As you probably have learned, ADSM uses TCP port 1500 (by default) for
initiating a connection from the client back to the server.  This is the
only port required to perform a backup/restore to/from the server.  I have
an AIX FTP Server outside my firewall and I back it up to an ADSM server on
the inside of the firewall.  Rather than using the scheduler on the server
to initiate the backup, I just have 'cron' on the client kick off the backup
daily.  This way the connection is always initiated by the client.  This can
be done with a simple shell script and passing the appropriate options to
'dsmc'.  This way I only need a proxy setup for port 1500 to the internal
network.  I'm not sure what firewall you're using but it should allow
restriction of IP addresses and proxies to ONLY ALLOW that one IP address
access to the "port 1500 proxy".  This keeps security intact but allows the
backup to work.

Hope that helps.

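The cron-driven, client-initiated backup described in the message above, as an added example that is not part of the original post. It assumes `dsmc` is on the PATH, that the server address and port 1500 are already set in the client options file, and that the client stores its own password; the script path, log path and lock path are hypothetical.

```shell
#!/bin/sh
# Added example: cron on the client starts the backup, so the only connection
# is outbound from this host to the ADSM server port (1500 by default).
# Constructed crontab entry:
#   0 2 * * * /usr/local/sbin/adsm_backup.sh --run
# Assumptions: TCPServeraddress/TCPPort are set in dsm.sys and
# "passwordaccess generate" is in use, so no password appears in this script.

DSMC=${DSMC:-dsmc}                      # overridable, e.g. for a dry run
LOG=${LOG:-/var/adm/adsm_backup.log}    # hypothetical log file
LOCK=${LOCK:-/tmp/adsm_backup.lock}     # hypothetical lock directory

log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"$LOG"
}

run_backup() {
    # mkdir is atomic, so a second cron run cannot open a parallel
    # session through the port 1500 proxy while one is still active.
    if ! mkdir "$LOCK" 2>/dev/null; then
        log "skipped: previous backup still running"
        return 2
    fi
    # Release the lock if the job is interrupted.
    trap 'rmdir "$LOCK" 2>/dev/null; exit 1' INT TERM

    log "starting incremental backup"
    "$DSMC" incremental >>"$LOG" 2>&1
    rc=$?

    rmdir "$LOCK"
    trap - INT TERM
    if [ "$rc" -eq 0 ]; then
        log "backup finished"
    else
        log "backup FAILED rc=$rc"
    fi
    return "$rc"
}

# Only run when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_backup
    exit $?
fi
```

A failed or skipped run leaves a line in the log, which is the only place a missed backup shows up when the server-side scheduler is not used.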