My question is that how firewall route the traffic to 192 as it has no knowledge abt 192 address
you nmeed to have a static route for that remote network out of your outside interface. If you have a default-route, that's also fine.
second question is how can we do port restriction
Which device do you have? If it's an ASA then you can put an ACL into the tunnel, but that's not very comfortable for site-2-site-VPNs. You can also decide to filter the trafic the legacy way where you permit the traffic in the outside ACL.
You can also restrict the crypto-acl to your exact definition. But keep in mind that the ACL has to be mirrored on the other side and dynamic protocols like FTP won't work with that.