The PIX does not allow a Telnet session to any interface from a host off any other interface. For example, you cannot Telnet to the inside interface of the PIX from a host off the outside interface of the PIX. You can only Telnet to the outside interface from a host off the outside interface, and that traffic must be through an IPsec tunnel.
Complete these steps:
Enable Telnet to the outside interface with the telnetnetwork number subnet maskoutside command.
Configure an access list that defines interesting traffic to include traffic from the outside interface of the PIX to the remote subnet. Refer to this partial PIX configuration for an example:
access-list VPNTUNNEL permit ip 10.1.1.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list VPNTUNNEL permit ip host 10.10.10.1 192.168.0.0 255.255.255.0 ip address outside 10.10.10.1 255.255.255.0 telnet 192.168.0.0 255.255.255.0 outside crypto map MYMAP 20 match address VPNTUNNEL
For PIX/ASA version 7.x use extended access-list. For example: