x.x.x.x is the ip address of the old default gateway
y.y.y.y is the ip address of the new default gateway
Unable to Access the Internet
After changing the IP address on the external interface of the ASA, if the internal users are unable to access the web, then ensure that the device upstream to the ASA (the next-hop) reflects the MAC address of the ASA bound to the new IP address. If this is not the case, then clear this ARP cache entry on the next-hop so that it learns the new IP address of the ASA.
1. Site-to-site VPN:
For site-to-site VPN, the peer/remote ASA needs to reflect the new IP of the ASA.
For example, if we have an existing lan-to-lan VPN between two sites, ASA1 (external ip address 220.127.116.11) and ASA 2 (external ip address 18.104.22.168) and if the external interface ip address for ASA 1 is changed to 22.214.171.124, the following changes need to be made on ASA 2:
First, we need to remove the crypto map entry on ASA 2 corresponding to the old external ip address of ASA 1:
ASA2(config)# no crypto-map <crypto-map-name> <id> set peer 126.96.36.199
ASA2(config)# crypto-map <crypto-map-name> <id> set peer 188.8.131.52
Second, a new tunnel-group needs to be configured under which the pre-shared key for ASA 1's new IP address wlll be stored: