I’ve done this several times. You should just need to open the TCP port which RDP uses, which is port 3389 by default, through the firewall, allowing it to connect to the internal machine. Does RDP work correctly from within the office?
You might also want to change the port from 3389 to something else:
If you choose this option, you will then connect like this:
This can provide some additional security through obscurity.
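
An added example, not part of the original answer: a PowerShell audit to run on the internal machine that reports the configured RDP port, whether Network Level Authentication is required, and which Windows Firewall rules admit that port and from which source addresses. It shows that changing the port leaves the NLA setting and the allowed sources unchanged. It assumes an elevated session on the RDP host and covers only that host's Windows Firewall, not the office perimeter firewall; the helper name `Test-PortMatch` is hypothetical.

```powershell
# Added example (not from the original answer). Run in an elevated PowerShell session.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$cfg    = Get-ItemProperty -Path $rdpKey
$port   = [int]$cfg.PortNumber              # 3389 unless it has been changed
$nla    = ($cfg.UserAuthentication -eq 1)   # Network Level Authentication required?

# Is anything actually listening on the configured port?
$listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

# Hypothetical helper: does a LocalPort entry ('Any', '3389', '3000-4000') cover $Port?
function Test-PortMatch([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

# Enabled inbound allow rules that cover the RDP port, with their permitted sources
$exposure = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf = $rule | Get-NetFirewallPortFilter
    if ($pf.Protocol -notin 'TCP', 'Any') { continue }
    if (-not (Test-PortMatch $pf.LocalPort $port)) { continue }
    $af = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $af.RemoteAddress -join ','
        AnySource     = ($af.RemoteAddress -contains 'Any')
    }
}

[pscustomobject]@{ Port = $port; Listening = $listening; NLA = $nla } | Format-List
$exposure | Format-Table -AutoSize

if (-not $nla) { Write-Warning 'NLA is off: the logon screen is reachable before authentication.' }
$exposure | Where-Object AnySource | ForEach-Object {
    Write-Warning "Rule '$($_.Rule)' accepts RDP from any source address."
}
```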