My guess would be that the NAT rule for RDP is being applied regardless. I have the following in my config before any destination NAT rules:
rule-set untrust-to-trust {
    from zone untrust;
    rule IPSECLinks {
        # Don't apply NAT to any incoming private (IPSEC) link connections to our LAN
        match {
            source-address-name RFC1918; # you can make this 10.10.10.0/24.
            destination-address-name HomeLAN; # and this would be 192.168.1.0/24
        }
        then {
            destination-nat off;
        }
    }
}
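
Added example, not part of the original post: a small model of first-match rule evaluation that shows why the exemption rule has to sit before the RDP destination NAT rule. The RDP rule (any source, any destination, port 3389), its pool address, and the sample flows are assumptions constructed for illustration; only the two prefixes come from the post's comments.

```python
import ipaddress

# Constructed rules. The prefixes in EXEMPT are the ones named in the post's
# comments; the RDP rule and its pool address are hypothetical.
EXEMPT = {
    "name": "IPSECLinks",
    "src": ipaddress.ip_network("10.10.10.0/24"),
    "dst": ipaddress.ip_network("192.168.1.0/24"),
    "port": None,                    # None = any destination port
    "action": "off",                 # destination-nat off
}
RDP = {
    "name": "RDP",                   # hypothetical rule name
    "src": ipaddress.ip_network("0.0.0.0/0"),
    "dst": ipaddress.ip_network("0.0.0.0/0"),
    "port": 3389,
    "action": "pool:192.168.1.50",   # hypothetical pool target
}


def matches(rule, src, dst, port):
    """True when the flow satisfies every match condition of the rule."""
    return (ipaddress.ip_address(src) in rule["src"]
            and ipaddress.ip_address(dst) in rule["dst"]
            and rule["port"] in (None, port))


def evaluate(rules, src, dst, port):
    """Walk the rules in order; the first match decides the action."""
    for rule in rules:
        if matches(rule, src, dst, port):
            return rule["name"], rule["action"]
    return None, "off"               # no rule matched: no destination NAT


if __name__ == "__main__":
    # Constructed flow: a host across the IPsec link opening RDP to a LAN host.
    vpn_flow = ("10.10.10.5", "192.168.1.50", 3389)
    for label, order in (("exempt first", [EXEMPT, RDP]),
                         ("RDP first", [RDP, EXEMPT])):
        print(label, "->", evaluate(order, *vpn_flow))
```

With the exemption first, the tunnel flow is left untranslated while RDP from other sources still reaches the RDP rule; with the order reversed, the tunnel flow is rewritten to the pool address.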