I think we would need clarification on the actual network setup to know what the actual problem is, but here are some questions and ideas on what to check.
You mention that there is a switch on the LAB network which connects to the servers that cannot access the Internet. I presume you then have some L3 switch since you mention it has a default route configured? If you are talking about a "default-gateway" configuration on the switch then that only acts as the gateway for the switch itself and not for any host behind the switch.
You say that the LAB ASA can ping the PROD ASA. This might be due to them sharing a directly connected subnet, which means that no static routes are required for them to communicate. Now the question is, does the PROD ASA have a static route for the LAB subnet behind LAB ASA? This could be one reason there is no connectivity past the gateway interface on the PROD ASA (the gateway interface towards LAB ASA).
Have you confirmed that the PROD ASA has a Dynamic PAT configuration for the LAB subnet so that NAT is performed when the LAB subnet attempts to connect to the Internet? If there is no NAT configured, then the traffic (if allowed through PROD ASA) will go through the ASA without NAT and the connection will obviously fail. I would suggest trying "packet-tracer" (either through CLI or ASDM) where you simulate a connection coming from LAB subnet to Internet on the PROD ASA.
Easiest way to confirm what is happening with the server connections coming from LAB ASA is to check the ASDM realtime logs on the PROD ASA. Just filter the log to show some IP address from LAB subnet and attempt the connections. You should see if the connection attempt gets blocked by the PROD ASA. You should also see (if the connection is allowed) if a NAT is performed for the source address. Naturally using the "packet-tracer" on the PROD ASA would tell you all the rules applied to the connection right away.
But as I said, we really don't have a specific picture of your network at the moment so there might be other problems too.
Another tool you can use on the ASA is the packet capture feature. This will show you if the ASA is seeing both the request and reply traffic on both interfaces (if you configure it for both interfaces). This way, if you see traffic entering the inside interface and leaving the outside interface but you do not see the return traffic, and you are permitting the return traffic (in the case of ICMP), then you can assume that the problem isn't with the ASA but most likely a routing issue farther downstream.
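The checks suggested in the replies above, collected as ASA CLI commands. This is an added example, not part of the original posts; it assumes ASA 8.3+ NAT syntax, and the interface names (`lab`, `outside`), object and capture names, and all addresses are constructed placeholders.

```cisco
! Added example. Assumed, constructed values:
!   PROD ASA interface "lab" faces the LAB ASA, "outside" faces the Internet
!   LAB subnet 10.10.10.0/24, LAB ASA next hop 10.1.1.2
!   test server 10.10.10.50, Internet test destination 203.0.113.10

! 1. Does the PROD ASA have a route back to the LAB subnet?
show route | include 10.10.10.0
! If nothing is returned, add the static route (configuration mode):
route lab 10.10.10.0 255.255.255.0 10.1.1.2

! 2. Is there a Dynamic PAT rule covering the LAB subnet?
show running-config nat
show nat detail
! If not, one way to add it with network object NAT (8.3+):
object network LAB-SUBNET
 subnet 10.10.10.0 255.255.255.0
 nat (lab,outside) dynamic interface

! 3. Simulate a LAB host opening a web connection to the Internet.
!    The output lists each phase (route lookup, ACL, NAT) and the final result.
packet-tracer input lab tcp 10.10.10.50 12345 203.0.113.10 80 detailed

! 4. Capture on both interfaces while the server retries the connection.
!    On "outside" the source is already translated, so match on the destination.
capture CAP-LAB interface lab match ip host 10.10.10.50 host 203.0.113.10
capture CAP-OUT interface outside match ip any host 203.0.113.10
show capture CAP-LAB
show capture CAP-OUT
! After a successful test, the translation should be visible:
show xlate
! Remove the captures when done:
no capture CAP-LAB
no capture CAP-OUT
```

Requests visible in CAP-LAB and CAP-OUT with no replies in CAP-OUT point to a problem beyond the PROD ASA; requests in CAP-LAB that never reach CAP-OUT point to the ASA's own routing, ACL or NAT.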