ASA Remote Access VPN, management tunnel not working

FredrikW73
Level 1

We upgraded our VPN ASA (FPR-2130) to 9.16(4)19 software recently.

After this, remote access VPN units (Windows 10 PCs with AnyConnect 4.10.05085) fail to establish a management tunnel.

Management tunnel setup worked on ASA 9.14(4)17.

Anyone else with this experience? Is this a known bug?

7 Replies

FredrikW73
Level 1

Why is this post not showing when I browse through the Cisco Community / Technology and Support / Security / VPN section?

EDIT: now it finally shows...

You connect AnyConnect to the outside interface of the ASA; the outside interface is VPN in the routing table, not in the management-only routing table.
Cisco recommends putting direct and VPN access in the same routing table,
so what you need here is
telnet 0.0.0.0 0.0.0.0 inside <- then try to telnet to the ASA via AnyConnect

The problem is not related to management access. We have OOB management access.

The problem is the following:
Normally, since we have "Always On" set, the PCs of Remote Access VPN users connect by setting up a management tunnel before the user logs in to the PC. This enables us to connect to the PCs and manage them even when the users are logged out. When the user logs in, a user tunnel is established and the management tunnel is released.

This has stopped working after the update to 9.16(4)19 software.

Management tunnels fail to establish.

Background (From the ASA Admin Guide):

"A management VPN tunnel ensures connectivity to the corporate network whenever the client system is powered up, not just when a VPN connection is established by the end user. You can perform patch management on out-of-the-office endpoints, especially devices that are infrequently connected by the user, via VPN, to the office network. Endpoint OS login scripts that require corporate network connectivity also benefit from this feature.

AnyConnect Management Tunnel allows administrators to have AnyConnect connected without user intervention prior to when the user logs in. AnyConnect Management tunnel can work in conjunction with Trusted Network Detection and therefore is triggered only when the endpoint is off-premise and disconnected from a User-initiated VPN. AnyConnect Management tunnel is transparent to the end user and disconnects automatically when the user initiates VPN."

FredrikW73
Level 1

It turns out that the ASA software has changed the requirements for the algorithms used by certificates.

Since the algorithms used by our machine certificates do not fulfill these new requirements, setup of management tunnels fails.

There is a command to bypass the requirements, and we have used that command as a workaround successfully.

What is the command to bypass?

crypto ca permit-weak-crypto

Yes, we applied it and it fixed the issue.
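Before switching on the bypass for the whole headend, an administrator will usually want to know which machine certificates actually trip the stricter checks, so the weak ones can be reissued and the bypass removed again later. The script below is an added example, not code from this thread or from Cisco: a standard-library Python audit that reads a DER certificate, pulls out the signature algorithm OID and the RSA modulus size, and reports what would require `crypto ca permit-weak-crypto`. The thresholds it applies (RSA keys shorter than 2048 bits, MD5 or SHA-1 signatures) are an assumption about what ASA 9.16 classes as weak; confirm them against the release notes for your version. The two certificates it builds in-line (`WEAK_CERT`, `GOOD_CERT`) are constructed DER structures for exercising the parser, with empty names and a dummy signature, not real certificates; the helper names (`inspect_certificate`, `weak_crypto_findings`, `synthetic_certificate`) are the example's own.

```python
"""Flag certificates an ASA 9.16 headend rejects without 'crypto ca permit-weak-crypto' (stdlib only)."""
import base64

# Assumed policy (check your release notes): RSA < 2048 bits and MD5/SHA-1 signatures are "weak".
MIN_RSA_BITS = 2048
OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        out.append((tag, val))
    return out

def _decode_oid(value):
    """OBJECT IDENTIFIER contents -> dotted string."""
    parts, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

def inspect_certificate(der):
    """Return (signature algorithm OID, RSA modulus bits or None for a non-RSA key)."""
    _, cert, _ = _read_tlv(der, 0)                 # Certificate ::= SEQUENCE
    tbs, sig_alg, _sig = _children(cert)           # tbsCertificate, signatureAlgorithm, signatureValue
    fields = _children(tbs[1])
    i = 1 if fields[0][0] == 0xA0 else 0           # skip optional [0] EXPLICIT version
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    key_alg, key_bits = _children(fields[i + 5][1])
    sig_oid = _decode_oid(_children(sig_alg[1])[0][1])
    modulus_bits = None
    if _decode_oid(_children(key_alg[1])[0][1]) == OID_RSA_ENCRYPTION:
        rsa_key = key_bits[1][1:]                  # BIT STRING: drop the unused-bits byte
        modulus, _exponent = _children(_read_tlv(rsa_key, 0)[1])
        modulus_bits = int.from_bytes(modulus[1], "big").bit_length()
    return sig_oid, modulus_bits

def weak_crypto_findings(der):
    """Reasons the certificate would need the bypass; an empty list means it passes."""
    sig_oid, bits = inspect_certificate(der)
    findings = []
    if sig_oid in WEAK_SIGNATURE_OIDS:
        findings.append("signature %s" % WEAK_SIGNATURE_OIDS[sig_oid])
    if bits is not None and bits < MIN_RSA_BITS:
        findings.append("RSA key %d bits < %d" % (bits, MIN_RSA_BITS))
    return findings

def pem_to_der(pem):
    """Strip PEM armour so an exported .cer/.pem file can be audited."""
    body = [line for line in pem.splitlines() if line and not line.startswith("-----")]
    return base64.b64decode("".join(body))

# --- constructed sample input: a minimal DER encoder to build test certificates (not real certs) ---
def _tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _encode_oid(dotted):
    nums = [int(x) for x in dotted.split(".")]
    out = [nums[0] * 40 + nums[1]]
    for n in nums[2:]:
        chunk = [n & 0x7F]
        while n := n >> 7:
            chunk.insert(0, 0x80 | (n & 0x7F))
        out += chunk
    return bytes(out)

def _integer(n):
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))   # keeps a leading 0x00 if needed

def synthetic_certificate(sig_oid, modulus_bits):
    """Structurally valid but unsigned/unverifiable certificate with a fake modulus of the given size."""
    def alg_id(oid):
        return _tlv(0x30, _tlv(0x06, _encode_oid(oid)) + b"\x05\x00")
    rsa_key = _tlv(0x30, _integer((1 << (modulus_bits - 1)) | 1) + _integer(65537))
    spki = _tlv(0x30, alg_id(OID_RSA_ENCRYPTION) + _tlv(0x03, b"\x00" + rsa_key))
    tbs = _tlv(0x30, _tlv(0xA0, _integer(2)) + _integer(1) + alg_id(sig_oid)   # version, serial, signature
               + _tlv(0x30, b"") * 3 + spki)                                  # empty issuer/validity/subject
    return _tlv(0x30, tbs + alg_id(sig_oid) + _tlv(0x03, b"\x00\x00"))

WEAK_CERT = synthetic_certificate("1.2.840.113549.1.1.5", 1024)    # sha1WithRSAEncryption, 1024-bit key
GOOD_CERT = synthetic_certificate("1.2.840.113549.1.1.11", 2048)   # sha256WithRSAEncryption, 2048-bit key
```

To audit a real machine certificate, export it from the Windows machine store (or dump it with `show crypto ca certificates` on the ASA), then call `weak_crypto_findings(open("machine.cer", "rb").read())` for DER input or `weak_crypto_findings(pem_to_der(open("machine.pem").read()))` for PEM. Run the same check over the issuing CA chain: a 2048-bit SHA-256 leaf does not help if the intermediate that signed it is still SHA-1. Treat `crypto ca permit-weak-crypto` as a dated exception while those certificates are reissued, because it lowers the bar for every certificate the ASA validates, not only the management-tunnel ones.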