Here is an example of a working configuration on version 8.4 to manage (via ssh and http or ASDM) a Cisco ASA over a VPN client.
ip address 126.96.36.199 255.255.255.0
ip address 10.99.18.240 255.255.255.224
ip local pool vpnpool 10.99.81.1-10.99.81.254 mask 255.255.255.0
nat (trust,untrust) source static 10.99.0.0 10.99.0.0 destination static 10.99.81.0 10.99.81.0 route-lookup
ssh 10.99.81.0 255.255.255.0 trust
http 10.99.81.0 255.255.255.0 trust
This allows you to hit the trust interface with ASDM or ssh after you VPN into the Cisco ASA. Note that the 'route-lookup' switch under the nat (exempt) rule is often overlooked!