I have a VoIP gateway that is marking packets with DiffServ CS1 and CS2 levels. These packets first hit an internal router that has a GRE/IPSec transport mode tunnel to another router on the public Internet. The internal router uses its FastEthernet port to connect to a second in-house router that has a T1 connection to the Internet. In order to setup some QoS I would like do the following:
1) On the internal router I am not going to setup any actual QoS policies but I want to use the "qos pre-classify" commands on the crypto map and the tunnel interface in order preserve the DCSP info on the IPSec encrypted packets that will be processed by the Internet router
2) On the Internet router I will setup a policy that matches DCSP packets and assigns them to a LLQ using the "priority" command.
Since the IPSec tunnel also carries non-VoIP traffic my objective here is to prioritize only IPSec packets that have voice. Non-voice IPSec and all other traffic will be treated in best-effort mode.
Does my plan make sense?