! First match VPN traffic.
! Use an access-list
hostname (config)# class-map VPN-TRAFFIC
hostname (config-cmap)# match access-list ...
! Apply this in a QoS map in such a way that traffic matched by class-map "VPN-TRAFFIC" will be made priority
hostname (config)# policy-map QoS
hostname (config-pmap)# class VPN-TRAFFIC
hostname (config-pmap-c)# priority
! Create the Priority queue on interface "blah"
hostname(config)# priority-queue blah
! Now we can apply this policy "QoS" on the "blah" inferface
hostname (config)# service-policy qos interface blah
You might also be able to use a "tunnel-group" to match traffic. Refer to http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/qos.html#wp1045016
for more details.
By the way if you are using a sub interface the "service-policy" is applied on the sub interface but "priority-queue" is applied on the physical interface.