I'll risk incrimination here...
You can use "SSH tunnels" to create a portal from the jumphost to the CMOD server. Then you configure your windows client to connect to the jump host, and the jump host forwards the connection through the encrypted tunnel to the other side.
This may or may not violate your local security policy -- even though it obeys the spirit of the policy (all connections into production must go through the jump host), the people in charge of enforcing the policy may not see it that way.
The alternative that most organizations provide is a citrix server that has one foot inside the internal network, and the other foot inside the production network.
-JD.