- July
Posted By : Gom Jabbar
Cisco ASA Device Management – Telnet over VPN

Management Access to the Cisco ASA via Telnet
Telnet connections to the ASA are not allowed on the least secure interface (usually the outside interface), unless the host is connecting via an IPSec tunnel. To permit a host to Telnet into the ASA via a VPN tunnel that terminates on the outside interface, you can specify another interface for management access. For example, to allow an external VPN user to telnet into the inside interface:

ciscoasa(config)# management-access inside

For example, my pet ASA is set up for VPN access to the outside interface. When the VPN client tunnels into the ASA’s outside interface, it gets an IP address of from the VPN pool. However, when the VPN client tries to telnet into the ASA’s inside interface at, the usual telnet login prompt does not come up. This is what is configured on the ASA:

ciscoasa(config)# sh ru telnet

telnet inside

telnet inside

telnet timeout 60

Ah, we need to permit to telnet into the ASA.

ciscoasa(config)# telnet inside

Now the telnet session from the VPN client succeeds.

ciscoasa(config)# who


Additional Information:

Telnet command in the Cisco ASA 8.4 Command Reference.