Question : Problem: How to allow Remote Desktop through not one but TWO routers

I would like to access our office network from the outside. We have a T1 line coming into a router provided by CBeyond and then the signal goes through a cheap Linksys router. The linksys router is there to provide wireless capability to those who need it. See pic of setup below.

The linksys router assigns the IP addresses to the machines on network.  We have a static IP address.

I've setup port forwarding in the past on a similar router as the linksys in order to use Remote Desktop. But I am not sure what to do with the other router that proceeds the linksys router.

The ISP is unwilling or unable to provide any tech help. They just want me to instruct them to setup the router however I want.

I am wondering what would be the best setup with best security in mind.

For example, shall I have the ISP completely disable built-in firewall in their router and depend only on Linksys' firewall for security? That seems risky since the Linksys is just a cheap box made for home use.

Or better to free up just certain ports in the commercial router?  (I want access 3 different winxp machines) Would that mean certain ports would have to be "forwarded"? If so, to what IP? I am confused because the IP addresses don't get assigned by the commerical router, but the linksys router.

(At some point in the future, I would like to setup VPN access also. Please keep that in mind in providing your response. I have no idea how that plays into this because I've never setup VPN before on a host router.)

Answer : Problem: How to allow Remote Desktop through not one but TWO routers

polaatx, not a problem this stuff is complicated.

Public side is always your first line of defense, and yes, it means the public port on Router A.

A forward is an IP address + PORT combo.  
(I accept connection on port X, I forward on Y to some IP).

you can have
Public Port  (router A)     IP                     "External Port, router B"   Internal Port router B      IP
X,                                   B's External IP                X                                   3389                  Machine 1 IP
X+1                                B's External IP               X+1                                 3389                  Machine 2 IP
X+2                                B's External IP               X+2                                 3389                  Machine 3 IP