Well, your VPN is actually created BY the firewall (without the firewall there is no VPN). Ideally, here is what you want:
Site 1: IP domain y
Site 2: IP domain x
Site 1:
Firewall with VPN set up to Site 2 using an encryption key
Site 2:
Firewall with VPN set up to Site 1 using the same encryption key
As for IIS, if you change the default port (default for HTTP is 80) then you have to make sure that your firewall allows HTTP traffic to pass through on the new custom port. If your firewall allows it, you can tell it to redirect Port 80 TCP/IP traffic coming to www.yoursite.com to www.yoursite.com:[CustomPort]. If you are not the firewall administrator, you will get the best answers from them. This would hide the custom port in the URL and also allow you to leave your current firewall "rules" the way they are.