What I mean is do you have a setup where you do QOS based on classfication *after* crypto? ie: match on ipsec destination addresses for classfication in a QOS policy to get per spoke QOS Rodney