As for your question on transform set, this defines security protocols or better said encryption type to be used in the tunnel policy.
The interesting traffic is definedby the access-list permiting the traffic.
2.tunnel-group 18.104.22.168 type ipsec-l2l tunnel-group 22.214.171.124 ipsec-attributes
As for your second question tunnel-group command alone is used for when you want to configure a VPN tunnel , or ssl vpn, or ra vpn follow by a name you chose to reference by, in your casethe tunnel-group is named 126.96.36.199followed by the type of vpn in your case is a L2L vpn .
Under tunne-group you have other options which are general attribute and Ipsec attributes,and in each option there are other configuration categories for the tunnel , under tunnel-group ipsec-attributesyou have options of defining configurtations such as pre-share keys and/orother settings for the tunnel..you can always issue aquestion mark after you type the command to show what configuration parameters are avilable under that category.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...