From this practical test I realized that I do not need to enable a port forwarding on the router for the port number 3389 (RDP).

For RDP to work via SSH tunnel from the first place I should have used either one of these below :

1- localhost:3390 or

2- 127.0.0.1:3390

I can not use a private ip address (my case is 192.168.0.11:3390), this was my mistake.

http://theillustratednetwork.mvps.or...esktopSSH.html
For example use an address of localhost:3390 to connect to Ashtabula and an address of localhost:3391 to connect to Norman...

https://winservices.web.cern.ch/wins...p/?kbid=320007
typing as computer: localhost:60001, the source port we previously set.