Policy Routing with QoS & IPSec VPN?

Unanswered Question
Sep 20th, 2007

We have a customer with an unusual setup whereby the edge WAN routers selectively route traffic into a MAN so the traffic is either routed natively into the MAN (Voice) or sent over an IPSec VPN. The way this has been configured is to policy route ingress traffic on the LAN interface that sets a next-hop to a local loopback interface on the router, and from here a crypto-map is applied that encrypts the traffic and sends it to an IPSec peer. Not all traffic meets the initial policy-route though (the Voice) and this is sent natively into the MAN.

What we want to achieve is to reset the DSCP value of the traffic meeting the policy-route's ACL to 0, and also set the other (Voice) traffic to either CS3 (Signalling) or EF (RTP).

Is this possible? I know that with GRE the ToS field is copied from the source IP packet to the GRE packet's ToS field, but does this work with IPSec (crypto-map set peer etc)?

This is all reasonably recent equipment - Cisco 1800 and 3700 routers.

Thanks, Andy
