1. TCP 3389 is not generally blocked. However, it really depends on how your IT controls the outgoing internet traffic. In most small/mid-size businesses, the common way to share the internet connection is using a firewall device, but some are using what is called a "Proxy Server" to share it. In the case of a proxy, you'll have to manually configure the proxy to allow outgoing TCP 3389.
2. If you use the Netgear VPN firewall with the client software, that will bypass the whole forwarding issue. But setting it up can be a bit tricky. I don't know how comfortable you are setting it up yourself if you don't have some background in keys, encryption algorithms, etc. Again, back to question number one: does your company network allow outgoing VPN pass-through? Also, you'll have to make sure that your company network and your remote desktop network are not using the same subnet address (for example, if your company is using the 192.168.1.X addresses, your remote desktop network will have to use something different, like 172.16.0.X).
The bottom line is, adding a VPN here may not make your life easier, but for sure you'll have a more secure connection between both locations. Personally, I will not use a VPN because I like to access my remote desktop from anywhere that has a Windows XP computer with an internet connection.
This is a bit long but I hope this will help.
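
The subnet check mentioned in point 2 above, as an added example that is not part of the original post: it reports address ranges that overlap between the two ends of the VPN (including the case where the masks differ) and proposes the first free private /24. The function names and the sample networks are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges from which a replacement LAN can be drawn.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8")]

def _parse(nets):
    # strict=False accepts a host address with a mask, e.g. 192.168.1.10/24.
    return [ipaddress.ip_network(n, strict=False) for n in nets]

def find_conflicts(office_nets, home_nets):
    """Return (office, home) pairs whose address ranges overlap."""
    return [(str(o), str(h))
            for o in _parse(office_nets)
            for h in _parse(home_nets)
            if o.overlaps(h)]

def suggest_subnet(in_use, prefixlen=24):
    """Return the first private subnet of this size that overlaps nothing in use."""
    used = _parse(in_use)
    for block in RFC1918:
        if prefixlen < block.prefixlen:
            continue  # requested subnet is larger than this private block
        for cand in block.subnets(new_prefix=prefixlen):
            if not any(cand.overlaps(u) for u in used):
                return str(cand)
    return None

if __name__ == "__main__":
    # Constructed sample: the office uses a wide 192.168.0.0/16,
    # the home LAN uses a router-default 192.168.1.0/24.
    office = ["192.168.0.0/16"]
    home = ["192.168.1.10/24"]
    for o, h in find_conflicts(office, home):
        print(f"conflict: office {o} overlaps home {h}")
    print("renumber home LAN to:", suggest_subnet(office + home))
```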