No, that type of thing isn't in the port forwarding config. It's also a bad idea for the purpose you're using it for, because anyone can spoof the employer IP address and get to your VNC port. You can, of course, do it with iptables rules (there's a place for custom ones in the Tomato config) but the smarter thing to do is tunnel VNC through your SSH port so you get a legitimate form of authentication/encryption.