Thanks for your response.

I was hoping to avoid using NAT intirely.
Network is something like below:
(vpn user) --> (firewall a) --> (Endian firewall) --> (green network)
On the Green network there are some servers which I need to be able to RDP to once connected to the VPN.
The VPN network is assigned an internal IP, and the internal interface of firewall a, external interface of Endian, and internal (green) interface of Endian have internal IP's.
during testing I was able to RDP just fine to a desktop when replacing the Endian firewall with it. (temporarily)
Thanks for your help!