We have Altiris and it uses PCAnywhere to share client desktops.
Is it possible to connect TO an NC client, presuming the 2 ports (TCP5631 and UDP 5632) are openon the firewall, and in NC config? Is there something else we have to change? Is this even possible?
As long as the NC config and firewalls allow this it should be possible. A similar use case is documented in http://kb.pulsesecure.net/IKB20394
One thing to note is in your NC policy you are opening the ports in the direction from remote client to internal device. If you want to go the other way you may need to add the source ports the internal device is using.
Yes, this will work.
On your Network Connect ACL you need to ensure that you allow all ports for the server(s) that will connect to the client PCs as the inbound-to-client port is variable (anything > 1024).