QoS pre-classify for VPNs on Cisco ASA

My company has recently acquired a new customer that is using Cisco ASA 5520s to connect to their hub network via our satellite network.  Recently, they called complaining about call quality.  We performed a packet capture, and, as expected, we only see ESP packets with the DSCP value set at 0.

I have found documentation on Cisco's website stating that the firewally preserves the DSCP values, but it doesn't say if it does this when the ASA is encapsulating it in a VPN header.

Is there a way to apply "qos pre-classify" on the crypto maps in the ASA in order to preserve the DSCP values on the unencrypted packet?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Check to see if the packets do come into the ASA with the DSCP set since its default behaivor that the ASA copies the ToS of the IP header to the IP header of the encrypted packet for QoS after encryption

Just for some QoS reading on the ASA you can check this link out.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.