Possibility of routing through internet with private IP address

[e-bone <ebone () DotsAndLoops net>]

Hi,
We have the following VPN/Firewall setup:

WAN -- T1 router -- netscreen(VPN) -- SonicWall(Firewall) -- LAN

NAT takes place at the SonicWall.

VPN tunnels from the WAN side end at the netscreen.
VPN users receive a "virtual" IP address of 172.31.1.*,
172.31.2.* , etc ... 

The SonicWall has rules allowing in these private address ranges.

Now, the question ....
My (doofus) boss seems to think that it is possible that somebody
could come into our LAN from the WAN side with one of these private IP
addresses ?
I tend to think this is complete hogwash (or bollocks if you prefer).

Is there anyway someone can route through the internet (WAN) with a
private IP address, and have the packets routed back to them properly ?

For the purposes of answering the question, disregard for the moment
that we could set up the netscreen with policies requiring these private
IP ranges to be tunneled .... my boss for some inexplicable reason
has no faith in this device ... that is the whole reason we still
have the SonicWall around too.

Any tips, hints, or gibberish of any kind welcome.

cheers,
e

---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security

Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console

Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015
----------------------------------------------------------------------------