I'm trying to remote in to a machine that has a 10.0. NAT address from a
machine in our wan that has a 172. Ip address but no luck.

My ignorance is most likely the cause but I thought I would shoot this out

there is a BorderManager server in the tree where the target machines
resides so is there something I need to configure on that server to allow
the remote traffic?

I did set the remote policy in con-1 to allow connections across a NAT but
that doesn't help