I am sorry, but this seems very confusing... a true DMZ should not be required at all, perhaps there is a little too much going on. Let me see if I get this correct.
Mitel 5000 location:
Data VLAN: 172.x.x.x (irrelevant for this discussion)
Voice VLAN: 192.168.200.x (5000 @ 192.168.200.201, and can access the internet properly)
Cisco 2900 is the primary router, routing between each VLAN and each VLAN's gateway to the Internet (for example, 172.16.0.1 on one interface and 192.168.200.1 on a second interface). Port forwarding is being done from a static public IP address to the Mitel 5000's 192.168.200.201 IP Address.
Assuming this is done, you should be able to take a phone to almost any location in the world, plug it in, throw it in Teleworker mode, and away you go. I do this from home all the time...
Plug in phone, it gets a 10.20.30.xx IP address from my Linksys router (my Linksys has nothing special in it but Tomato firmware, but it worked properly on the stock firmware as well, no programming or setup required, all outbound port access is handled by the embedded NAT handler since the ports are opened originating inside the firewall), throw it in TW mode and put in the public IP address that our Cisco 891 router (24.230.xx.xx) is handling for the Voice VLAN that has the appropriate ports forwarded to the Mitel 5000 at 10.10.10.11 in our network.
Basically, if the phone can connect from ANY remote location, the problem is remote site specific, if the phone can't connect from any location the issue is on the local end... If you have an extra public IP at the local location (or one you can steal for a short time), put a switch between your Internet connection and the main router, put that static IP information in the phone, and try to connect to the system, if it connects through then your router/5000 setup is correct, if it doesn't... well, you get the picture.
