1- No, as that command is only for a VPN endpoint with ACL's. In this case is just a VPN pass-through device
2- Yes, they will get matched as usual as traffic from the lower security level to the higher will need to be allowed over an interface.
3- If you take out the ACL on the Outside ( Trasparent ASA) then the VPN attempts will not be allowed to the internal ASA.
The syspopt connection permit-vpn should be relevant only to the internal ASA
Remember to rate all the helpful posts, that is as good as a thanks.
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC