Personally, I would get rid of the on-premise Exchange server and go to Office 365 - especially because Exchange 2010 is only just supported still. Leave it any longer and if you need to upgrade you will have to go through a painful (and more expensive) multi-stage upgrade.
Second choice would be to use RPC over HTTPS, and have the clients connect using that mechanism. Then you just need to NAT port 443 (aka HTTPS) through to each Exchange server.
My last choice would be to build a site-to-site VPN, and use VPN firewall rules to limit what users can talk to.