Well creating a real vpn through a cisco does not depend on port ranges... The vpn is conf'ed in such a way that u mask the vpn ip addresses from the rest of the internet. This is usually done via the BGP routing protocol and a switch that supports the vlan function. Then wwhen all that is conf'ed u set up a few access lists and u have a vlan. This is secure and since nobody from the internet have access to your ip address you can't be hacked...
Instead of buying expensive software or hardware that can make a "vpn" on port 80(or whatever) you might aswell use a good remote pc program. They might call it vpn but it so far from it as can be especially if it runs on port 80, which it one of the first ports to be scanned by the most crappy of port sniffers.

In all cases ur a bit screwed if you dont have access to the firewall since you can forward any ports inc. port 80 to your internal ip address

+------------------------------------+
| Work |
| |
| SQL*Net--66--stunnel--80---+--+ outgoing will work fine
+------------------------------------+ |
|
v
+----------+
| Firewall |
+----------+
T
|
+-----------------------------------+ |
| Home | |
| Oracle | |
| Listener--66--stunnel--80--+--+ Incoming trafic will NOT be forwarded
+-----------------------------------+ unless the firewall is conf'ed

But then again it migt be that the home computer opens the connection and keeps it open, that u may connect to it remotely... But i wouldn't count it.

If you can get access to the firewall or have the firewall admin make the changes for you it would be easier.. But without the ability to forward ports nothing big will happe no matter what solution you decide to try out.