The aim here is to implement the workaround explained in:
http://java.sun.com/javase/6/docs/technotes/guides/management/faq.html#rmi1

To allow JConsole instances to access AS instances when
there're firewalls in between.

I created a basic simple service that does this:

"I have created small service that mimics precisely this and attached it
(file called acme-jmx-connector.sar). This is a very simple service which
does not mimic SSL or authentication access to JConsole, so please bear
that in mind. I'd need more time to add SSL and authentication to it.

To use it, just deploy it in the deploy/ directory of your EAP server. Within
the sar, there's a file in META-INF/jboss-service.xml with the registry port
configured to be whatever you passed in as -Dcom.sun.management.jmxremote.port
and the proxy port configured by default as 21002 or whatever you pass in
the -Dcom.acme.jmxremote.proxy.port system property. This proxy port is the
2nd port you need to open in the firewall to be able to connect to JConsole.

On the client side, start JConsole like this:

jconsole service:jmx:rmi://[host]:[value of com.acme.jmxremote.proxy.port property]/jndi/rmi://[host]:[value of com.sun.management.jmxremote.port property]/server"

However, there's a couple of guys in Netherlands that have created a full blown
solution which includes support for SSL:

http://www.componative2.com/content/controller/developer/insights/jconsole3

FAO Dimitris et all, what about we have a chat with these guys and see if they
wanna contribute their solution to AS if we're happy with what they did? I'm
assigning it to you first and if you're happy and we haven't solved this before
already, I can look into at their solution properly and come back with my
comments.