How can I manage a remote firewall configured with a site-to-site VPN? Site A and site B have a site VPN. I am site A and would like to telnet into site B to change some ACLs but cannot get into it.
First of all, I recommend that you do not use telnet to manage your firewall. SSH is significantly more secure and just as easy to use.
That said, there are two ways to accomplish what you want. One is to manage the firewall via the outside interface of firewall B.
Assuming that you have your authentication already set up, this would be as simple as applying the following configuration to firewall B.
If you have multiple possible source IPs or networks, you can expand the access with multiple such statements.
The second option would be for you to configure what Cisco refers to as management-access.
The management-access command allows you to configure one of your inside interfaces to receive management traffic. This traffic includes SNMP, ICMP, ASDM and telnet/SSH.
The following command configures a management interface:
The advantage of that setup is that all of your management traffic can traverse an existing VPN tunnel and the risk of sensitive information being exposed is minimized.
The drawback: you cannot reach your standby firewall should you run in active/standby mode.
Keep in mind that SSH access control has to be configured for the management interface as well. Assuming you configured management-access for the inside interface, you would have to issue the following:
Management access first appeared in 6.x, I believe.
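
The two options described in the answer above, written out as an added example that is not part of the original post. The addresses are constructed placeholders (192.0.2.10 stands for the public IP of a site A management host, 10.1.1.0/24 for the site A internal network reaching firewall B through the tunnel); the interface names `outside` and `inside` are the ones the answer uses.

```cisco
! --- Option 1: manage firewall B through its outside interface ---
! Permit SSH only from the single site A management host (constructed address).
ssh 192.0.2.10 255.255.255.255 outside
! Repeat the statement for each additional permitted source host or network.

! --- Option 2: manage firewall B through the VPN tunnel ---
! Let the inside interface accept management traffic that arrives over the tunnel.
management-access inside
! SSH access control still applies: permit the site A internal network
! (constructed address) on the inside interface.
ssh 10.1.1.0 255.255.255.0 inside

! --- Check what is in effect on firewall B ---
show running-config ssh
show running-config management-access
```

With option 2 the SSH session is opened from site A to the inside interface address of firewall B, so the management traffic stays inside the tunnel and no SSH source needs to be permitted on the outside interface.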