12-Apr-2007, 11:12 PM   #2
Iphone

Re: ASA 5510 config questions

>My problem is with the outbound smtp data. Since it is being NAT'd to outside (.24)
Understand. Easy solution is a 1-1 static NAT instead of just a port forward.

no static (inside,outside) tcp 66.43.xxx.30 smtp 192.168.0.2 smtp netmask 255.255.255.255
static (inside,outside) 66.43.xxx.30 192.168.0.2 netmask 255.255.255.255

But that'll screw up your www/https, which come in on a different public IP to the same server...
Personally, I'd change the DNS records for www/https to .30 instead of .17

>It can't be as easy as changing the outside interface on ASA to be .30 can it?
Actually - given everything else that you have, this is a perfectly viable solution.

Or, you can try a conditional nat with an acl, keeping the static port xlate that you already have:
access-list outbound_smtp permit tcp host 192.168.0.2 any eq smtp
global (outside) 2 interface
global (outside) 1 66.43.xxx.30
nat (inside) 2 192.168.0.0 255.255.255.0
nat (dmz) 2 192.168.2.0 255.255.255.0
nat (inside) 1 access-list outbound_smtp

Note that I re-arranged the priority sequence number so that the conditional nat will be evaluated first (1) vs. all normal outbound traffic (2).

>The vpn is up and running but I'm not able to access all resources on the inside net 192.168.0.0 (such as IMAP)
If you can access some resources but not others, we need more information. What IP is IMAP? Where is it? Inside, or DMZ?

>They can connect just fine and are able to log in to the samba server on 192.168.0.2 but the asa syslog starts throwing portmap translation errors from inside to dmz port 137.
If clients can log in and do what they need, simply disable this syslog message number so they don't fill up your logs. These are NetBIOS broadcasts that the ASA drops anyway.
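A fuller version of the first option in the post above (the 1-to-1 static), with the inbound ACL that keeps it from exposing more than the port forward did, plus the checks you would run afterwards. This is an added example by the editor, not part of Iphone's post or of the original thread's config. It reuses the thread's placeholder addresses as given; the interface names `inside`/`outside`, the ACL name `outside_access_in`, the documentation address 203.0.113.25 standing in for a remote host, and the syslog ID 305006 are assumptions to confirm against your own config and logs. Syntax is ASA 7.x (pre-8.3 NAT), as in the post.

```text
! 1. Replace the SMTP-only port forward with a 1-to-1 static for the mail server.
!    After this, 192.168.0.2 sources all of its outbound traffic from 66.43.xxx.30,
!    so its SMTP connections leave from the address the MX record points at.
no static (inside,outside) tcp 66.43.xxx.30 smtp 192.168.0.2 smtp netmask 255.255.255.255
static (inside,outside) 66.43.xxx.30 192.168.0.2 netmask 255.255.255.255

! 2. A 1-to-1 static maps every port, not just 25. The access-group on the
!    outside interface is what decides which of those ports are reachable from
!    the Internet, so keep it to what the server actually serves. (ACL name is
!    an assumption; use whatever is already applied to your outside interface.)
access-list outside_access_in extended permit tcp any host 66.43.xxx.30 eq smtp
access-list outside_access_in extended permit tcp any host 66.43.xxx.30 eq www
access-list outside_access_in extended permit tcp any host 66.43.xxx.30 eq https
access-group outside_access_in in interface outside

! 3. Drop the existing port translation so the new static is used immediately.
clear xlate

! 4. Verify outbound SMTP is now translated to .30 rather than the interface
!    address (203.0.113.25 is a documentation address standing in for a remote MX).
packet-tracer input inside tcp 192.168.0.2 1025 203.0.113.25 25
show xlate | include 192.168.0.2

! 5. Verify that nothing beyond smtp/www/https is reachable on .30 from outside,
!    e.g. SMB, which the samba server on 192.168.0.2 also listens on.
!    Expected result: dropped by the outside access-list.
packet-tracer input outside tcp 203.0.113.25 40000 66.43.xxx.30 445

! 6. If the inside-to-dmz port-137 portmap messages are only noise, silence that
!    one message ID instead of lowering the logging level. 305006 is the usual ID
!    for "portmap translation creation failed"; confirm it in your own syslog first.
no logging message 305006
```

If you take the third option in the post (policy NAT with the `outbound_smtp` ACL) instead, keep steps 4 and 5: `packet-tracer` is the quickest way to see which `nat`/`global` pair a given flow actually hits, and the outside ACL check is the same either way.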