Hi Mark,
It sounds like your ASA isn’t configured correctly for NAT. It should be configured to translate all traffic from the 192.168.2.0/24 subnet that exits the outside interface UNLESS the destination is 192.168.39.0/24 (the other end of the VPN).
You can use this example for PAT:
The only thing left to do is to create an exception for your VPN traffic, like this:
object network LOCAL_SUBNET
subnet 192.168.2.0 255.255.255.0
object network REMOTE_SUBNET
subnet 192.168.39.0 255.255.255.0
nat (LOCAL_SUBNET,OUTSIDE) source static LOCAL_SUBNET LOCAL_SUBNET destination static REMOTE_SUBNET REMOTE_SUBNET
This tells the ASA not to translate traffic from the local to the remote subnet.
If you are also doing NAT on R2 then you’ll need to add a deny statement in the access-list that you use for NAT that matches traffic between 192.168.39.0/24 and 192.168.2.0/24.
Hope this helps!
Rene