My company has recently acquired a new customer that is using Cisco ASA 5520s to connect to their hub network via our satellite network. Recently, they called complaining about call quality. We performed a packet capture, and, as expected, we only see ESP packets with the DSCP value set at 0.
I have found documentation on Cisco's website stating that the firewally preserves the DSCP values, but it doesn't say if it does this when the ASA is encapsulating it in a VPN header.
Is there a way to apply "qos pre-classify" on the crypto maps in the ASA in order to preserve the DSCP values on the unencrypted packet?