In my version of IOS, after completing the set-up of the IPSEC profile with a default transform set, the command:
show crypto ipsec profile
gave me the following:
IPSEC profile NNNNN
Security association lifetime: 4608000 kilobytes/3600 seconds
PFS (Y/N): N
Now, I wonder if this means "absence of a valid transform-set" or simply "use an (implicit) default trasnform-set".
I am more for the first option, however the official cert guide says that creating a new ipsec profile is enough.
Official documentation on Cisco.com makes you create a transform-set.
Probably an issue of IOS version, I don't know.
From now on, I will declare a transform-set.
Hope to be helpful.
I think the output reflects that there isn't a transform set, and that you need to create and assign one for the IKE phase 2 to work.
Keep up the good work.