How to allow RDP through IPSEC using netsh advfirewall command

I have an offsite windows server 2008 R2 server. And an ipsec tunnel set on our router here plus a connection security rule in Advanced Firewall on the server. I have ssh access to the console on the server

If I turn on windows firewall then the IPSEC tunnel connects but all I can do is ping from either end.

I've set the firewall to allowinbound and to allow remote desktop using netsh advfirewall

C:\Windows\System32\LogFiles\Firewall>netsh advfirewall show currentprofile

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Disable
RemoteManagement                      Enable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Enable
FileName                              %systemroot%\system32\LogFiles\Firewall\pf
irewall-domain.log
MaxFileSize                           4096

Ok.

but the firewall still logs dropped packets from our network on port 3389

2011-09-22 22:31:06 DROP TCP LAN OFFSITE 53254 139 48 S 3249668813 0
 8192 - - - RECEIVE

I'm at a loss and wondering what advise people have...