It is the access-list that is applied as an access-group to the outside interface that must be modified for the first question. The line you quoted from access-list 200 suggests that it is the access-list to be examining for that question.
The outside access-list must be written such that the destination address (the one on the right hand side) is the *public* IP address of the target. The outside access-list does NOT get modified when the public IP stays the same but the internal IP gets changed. So the first part of your answer to the second question is, "No, leave that line as-is", and the first part of your answer to the first question is, "No, you need to put in the public IPs (like 62.264.95.136) instead of the private IPs.)
The second half of the answers: In order for an outside system to be able to start new dataflows to an internal system, there must be a pre-defined translation between the public IP and the internal IP. Sometimes that is via a "nat (inside) 0 access-list" command, but that does not apply to you because that can only be used when the public and internal IPs are the same IP. When the public IP and internal IP are different, there must be a "static" command that says what gets translated to what.
In order to retarget the smtp to 192.168.2.133 you would just change the 132 to 133 in the statement. (Note: after you change 'static' commands, "clear xlate" to get rid of the stale information.)
access-list 200 permit tcp any host 62.264.95.136 eq 5901
You show TCP 5900 as going to a different internal machine, but you didn't indicate whether you have set up different public IPs for the two machines, and you didn't indicate whether it was important that the ports be associated with distinct IP addresses or whether it would be fine to put them both on the -same- public IP address as long as they got delivered to different internal hosts.
If using the same public IP is okay, you would have
access-list 200 permit tcp any host 62.264.95.136 eq 5900
and you would get this through to the other host by using
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.