Thanks for posting your question on the forum!
First, you will need to modify the VPN selectors to reflect traffic that will be sourced from the internet on port 443 and destined for the site B server (192.168.2.2). This will allow this traffic to traverse the VPN tunnel.
permit tcp any host 192.168.2.2 eq 443
permit tcp host 192.168.2.2 eq 443 any
On Site A, you will then need to modify the access-policy assigned to the WAN interface so that the port-forward can take place:
ip access-list ext PortFwd
permit tcp any host 220.127.116.11 eq 443
ip policy-class WAN
nat destination list PortFwd address 192.168.2.2
I have not seen your configuration, but you will want to be careful about the order of the rules on the WAN policy-class to be sure that is not ignored due to a rule listed above it.
Please do not hesitate to let us know if you have any questions.