with the command "sysopt connection permit-ipsec" enabled, pix will ignore the inbound acl for all crypto traffic.
just wondering if these two ip 1.1.1.1 and 2.2.2.2 are server or the pix interface.
further, how do you restrict the traffic on port 443?