1) if you are happy to have the addressing mix then no you do not need to do NAT (although you still need the static statement above ). What we do is present lab addresses as prodcution address to the production users and then we NAT them back to the real address on the firewall.
2) I appreciate your point about VPN but your firewall is really the wrong way round in my opinion. You should have the inside interface facing the network you want to secure and i'm assuming your production environment is more important than your test lab ?
You can do what you have done but just be aware that by default traffic can flow from higher to lower level security interface so you need to be very precise with the access-list on your inside interface which effectively says what traffic is allowed from the test lab to production.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...