I don't believe it can't be done.
When the telnet session is initiated from the client router to the secure router, it will be sourced from the client router.
The ACL applied to the secure router VTY lines will specify a source IP which will be the client router. It has no way of knowing that the unknown router initiated the telnet connection.