Try using port forwarding:
ACL 10 matches 10.0.0.0/8 (Private range)
Gi2/0 is the public space interface:
ip nat inside source list 10 interface GigabitEthernet2/0 overload
ip nat inside source static tcp 10.1.1.1 3389 23.23.23.2 9066 extendable
Where:
10.1.1.1 is the LAN network resource that RDP will be used to connect to
3389 is the RDP port by default
23.23.23.2 is the public IP address of your interface or pool range.
9066 is the RDP port that will be used for external resources to RDP to 10.1.1.1
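
An added example, not part of the original post: a short Python audit that reads an IOS configuration, finds static port forwards like the one above, and reports any that publish a remote-administration service, even behind a non-standard outside port such as 9066. The function names, the ADMIN_PORTS list and the ACL matching rule are assumptions made for this sketch.

```python
import re

# Inside ports of services whose exposure deserves review (assumed list).
ADMIN_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

# ip nat inside source static <proto> <local-ip> <port> <global-ip|interface X> <port>
PAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\S+)) (\d+)", re.M)
# Extended ACL entry: permit <proto> <source> host <dst> eq <port>
ACE_RE = re.compile(
    r"^\s*(?:access-list \d+ |\d+ )?permit (tcp|udp) "
    r"(any|host \S+|\S+ \S+) host (\S+) eq (\d+)", re.M)

def parse_forwards(config):
    """Return every static port forward found in an IOS configuration."""
    return [{"proto": proto, "local": (lip, int(lport)),
             "global": (gip or intf, int(gport))}
            for proto, lip, lport, intf, gip, gport in PAT_RE.findall(config)]

def permitted_sources(config, forward):
    """Sources that extended ACL entries permit to the forward's public side."""
    gip, gport = forward["global"]
    return [src for proto, src, dst, port in ACE_RE.findall(config)
            if proto == forward["proto"] and dst == gip and int(port) == gport]

def audit(config):
    """Flag forwards that publish an admin service, whatever the outside port."""
    findings = []
    for fwd in parse_forwards(config):
        service = ADMIN_PORTS.get(fwd["local"][1])
        if service is None:
            continue
        sources = permitted_sources(config, fwd)
        # Restricted only if a permit names specific sources and none says "any".
        # This does not check that the ACL is applied inbound on the interface.
        restricted = bool(sources) and "any" not in sources
        findings.append({"service": service, "global": fwd["global"],
                         "local": fwd["local"], "restricted": restricted})
    return findings

# The two NAT lines from the post, embedded as a constructed config string.
SAMPLE = """\
ip nat inside source list 10 interface GigabitEthernet2/0 overload
ip nat inside source static tcp 10.1.1.1 3389 23.23.23.2 9066 extendable
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A finding with "restricted" set to False means no extended ACL entry in the configuration limits which sources may reach the published port.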