You would only need to allow this in an ACL on the outside interface. This is assuming you are already denying access to all other inside resources.
So you would just need to add an ACL stating source IP on the outside interface and destination IP of the IPX system and which ports you would like to allow. If the source IPs are on the internet, you would also need to configure NAT.
As for security levels, this will be irrelevant. Once you add an ACL to an interface the security level is no longer used. But if you would like to use a security level to reference which interface is a lower "security level" than the other, then change the security level to a value lower than the secure interface. For outside / internet facing interfaces it is common to use security-level 0. Keep in mind you must configure a security level on the interface.
If both subnets are directly connected to the ASA then no other configuration is needed. If the subnets are not directly connected you would need to consider how you want to route the traffic (static or dynamic).
--
Please remember to select a correct answer and rate helpful posts