For question 1, see the engineering guidelines for the various components. I know they have them for Teleworker/MBG, AWC, and unless you really want NuPoint management to be accessible from the outside it doesn't need to be. If you don't have access to those docs, let me know and I should be able to look all that up.
For question 2, for UCA to work outside the office, it has to be setup with a certificate through a MBG server and will burn a MBG license when in use. It will request said certificate, and then within the MAS's server-manager section, you can view/approve requested certificates. This is covered in the UCA docs I believe.
For question 3, unfortunately you need two static Ip addresses. Its a requirement that can't be gotten around. Additionally, the AWC's static ip address has to be larger than the other address. (As in the AWC would have to be 192.168.1.10 or higher if the other address is 192.168.1.9)