Symptom
When ASA code is running on FPR2k platform and it has site to site tunnels implemented with IPv6 addresses, packets that are marked with QoS classes do not preserve the DSCP value when encrypted over ESP (IPSec).
It is seen that DSCP value is preserved when IPv4 tunnels are configured with the same class.
Inside capture:
1: 10:24:06.902602 2620:1f7:9c2:a040::10.10000 > 2620:1f7:9c2:a020::10.10000: udp 952 [class 0xb8]
Outside capture:
1: 10:24:06.902604 2001:420:140e::204 > 2001:420:140e::51 ip-proto-50 136 [flowlabel 0x800b]
Conditions
IPv6 VPN configured
ASA is running on FPR 2000 Series
Workaround
Use IPv4 based tunnels instead.
