I want to make an asa a vpn concentrator only and pass all traffic to the inside including internet traffic which then passes to an internet ASA. So...with inverse routing I can make sure that the client vpn pool addressess are known to be on the outside and I would then have an inside 0 route to the inside l3 device, but then I started to wonder how I would manage the asa vpn concentrator from the outside say with ssh. Appears to me that I couldn't because I can't have an outside 0 route and inside 0 route. Seems to me I would have to manage the ASA via vpn to the inside and back out. Am I missing something?