Can you please help figure out why I cannot telnet, ssh or ASDM into an ASA 5505 using its private IP address, with a successful remote access VPN established?

danpenforreal
Level 1

Can you please help me figure out why I cannot telnet, ssh or ASDM into an ASA 5505 using its private IP address? I do have a successful remote access VPN.

I can ASDM in to the ASA from home using its public interface. Also my local PC has the same private IP as the ASA (192.168.1.1). This is confusing me when pinging 192.168.1.1. Who's responding, my local PC or the ASA? Whew!! Not easy this VPN thing!!!! My local PC is also getting 192.168.3.129 from the remote VPN pool. Please help!!!

Anyway, I was told the IP overlapping was not an issue. I am a rookie with Cisco products (newcomer) so please help!! Thank you in advance.

P.S.

I am attaching the running config:

6 Replies

sean_evershed
Level 7

Hi,

This might be your problem:

telnet 192.168.3.0 255.255.255.255 inside

Try changing it to telnet 192.168.3.0 255.255.255.0 inside

Also, if I were you I would consider removing this line:

telnet 0.0.0.0 0.0.0.0 outside

It means anyone using any IP address would be able to telnet to the outside address of your firewall.

Please remember to rate all posts that are helpful

You cannot telnet to the lowest security interface. This is by design.

So, this line "telnet 0.0.0.0 0.0.0.0 outside" being there will not allow you to telnet to the outside interface. Still, it makes sense to remove it.

You need to change this line as well in addition to fixing the telnet line.

http 192.168.3.0 255.255.255.255 inside -----> to reflect the correct mask 255.255.255.0

conf t

no http 192.168.3.0 255.255.255.255 inside

http 192.168.3.0 255.255.255.0 inside

You already have "management-access inside" line which is required to telnet, asdm or ssh to the inside interface when connecting via vpn.

The ssh line looks correct "ssh 192.168.3.0 255.255.255.0 inside"

Does that work? Have you created an RSA key pair?

If not, please create one: "cry key gene rsa modulus 1024"

Once done ssh should work.

-KS

Thank you so much for your quick response. I made all the changes you suggested, changing the subnet mask of the 192.168.3.0 network to /24 for both telnet and ssh, and I still cannot access the private IP of the ASA via telnet or ssh.

I deleted the VPN and re-created it via the ASDM, which I can access using its public IP address. I was careful to include the split tunnel option, and to select the private IP range I wanted to expose to my VPN users. This also did not work.

I am suspicious of the ACL inside_nat0_outbound permitting the 192.68.1.0 network to talk to 192.168.3.128. In the ASDM configuration I specified the 192.168.3.19-192.168.3.254 range. The /25 network seems to be the same thing......but I am not sure.

I am a bit puzzled because I can telnet to the outside public IP via HyperTerminal. What do you mean when you say you cannot telnet to the lowest security interface, this is by design? Is this not the outside interface I am telnetting to?

Anyway, bottom line is I believe something is blocking my tunnel traffic and I am not sure what it is!!!!!!! Thanks again for all your effort.

interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
description << External IP Space >>
nameif outside
security-level 0
ip address <

See the security level of the two interfaces? One is 100 and the other is 0, right? Telnet is not possible to the lowest security interface. In your case the outside interface has the lowest security level. That is by design on all Cisco firewalls.

Can you ping the inside interface when connected via VPN?

Check this link and see if it helps: https://supportforums.cisco.com/docs/DOC-13012

-KS

Hi guys, I finally figured out why I could not connect to the remote ASA private IP via the remote access VPN. I had mentioned that my local PC and the ASA IP address were the same. I really had doubts about it but I was told this was a non-issue. It turns out that once I changed the Linksys local network from 192.168.1.0 to 192.168.0.0........I was able to telnet, ssh and ASDM to the ASA using its IP address.

Whew!.......that really seems simple right about now. I had my suspicion it was that; then again, I suspected everything else.

I really want to thank everyone at CSC for all the support. Thanks everyone, and then some!!!!

By the way, did you mean to say that was the default setting on the outside interface? The lowest security setting can be changed using an ACL, right?

Sorry, I don't know how to copy and paste to this page.....otherwise I would show you more. Thanks again for all your effort.

Alian said that on your other post https://supportforums.cisco.com/message/3264912#3264912

Two devices cannot have the same IP address in a network. That is a duplicate IP address. It will cause a lot of problems.

I don't understand what you mean by "by the way did you mean to say, that was the default setting on the outside interface. lowest security setting can be change using a ACL, right.".

By default, the outside is the less secure network and will always have a security level lower than the inside.

-KS
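The two fixes the thread converges on (the /32 mask on the telnet and http lines that silently excludes the whole VPN pool, and the duplicate 192.168.1.0/24 LAN on both ends of the tunnel) are easy to check before touching the box. The following script is an added illustration, not code from the thread or from Cisco; the config excerpts are constructed to mirror the lines quoted above, and a RSA key pair or other prerequisites are not modelled.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed excerpts modelled on the thread's management lines (not the poster's full running-config).
BEFORE = """
telnet 192.168.3.0 255.255.255.255 inside
telnet 0.0.0.0 0.0.0.0 outside
ssh 192.168.3.0 255.255.255.0 inside
http 192.168.3.0 255.255.255.255 inside
management-access inside
"""

AFTER = """
telnet 192.168.3.0 255.255.255.0 inside
ssh 192.168.3.0 255.255.255.0 inside
http 192.168.3.0 255.255.255.0 inside
management-access inside
"""

MGMT_RE = re.compile(r"^(telnet|ssh|http)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_mgmt_rules(config):
    """Return {service: [(network, interface), ...]} for telnet/ssh/http lines."""
    rules = defaultdict(list)
    for line in config.strip().splitlines():
        m = MGMT_RE.match(line.strip())
        if m:
            svc, addr, mask, iface = m.groups()
            # ASA writes "network dotted-mask"; ipaddress accepts the addr/mask form directly
            rules[svc].append((ipaddress.ip_network(f"{addr}/{mask}", strict=False), iface))
    return rules


def management_allowed(config, client_ip, iface="inside"):
    """Which services would accept client_ip arriving on iface under these rules."""
    ip = ipaddress.ip_address(client_ip)
    rules = parse_mgmt_rules(config)
    # Management over the VPN to the inside interface also needs "management-access <iface>".
    has_mgmt_access = any(l.strip() == f"management-access {iface}" for l in config.splitlines())
    return {svc: has_mgmt_access and any(ip in net and i == iface for net, i in rules.get(svc, []))
            for svc in ("telnet", "ssh", "http")}


def overlapping_lans(client_lan, asa_inside):
    """True when the VPN client's local LAN overlaps the ASA inside subnet (duplicate-address case)."""
    return ipaddress.ip_network(client_lan).overlaps(ipaddress.ip_network(asa_inside))
```

With a pool address such as 192.168.3.129, the BEFORE config permits only ssh, the AFTER config permits all three, and the original 192.168.1.0/24 home LAN reports an overlap with the ASA inside network until it is renumbered.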
