Challenge: priority over VPN

As a system administrator I've got the challenge to create a quite complex solution for a bunch of users. The users are working from home. They connect through a IPSEC tunnel to the corporate network, the ipsec tunnel is handled by FreeBSD 8 based atom appliance. From there they use primarily RDP.

Recently we're moved towards voip. Our voip system is running on asterisk and is using only the SIP protocol.

The idea is to place a SIP-phone at the user's home so they can call also via the IPSEC connection. But how can I make sure the SIP connection get enough bandwidth for the telephone call?

I was thinking of using ALTQ to limit the amount of data transfered by the RDP protocol so there's space left on the link for SIP traffic.

RDP Traffic (limited by e.g. 100kb/s) --\                  /-- Terminal Server
                                         |== VPN TUNNEL ==|
SIP Traffic (need minimum of 64kb/s)  --/                  \-- Asterisk Voip

How should i manage this? First limit both protocols, and then send it though the tunnel?
I hope someone could point me into the right direction.

Kind regards

Erik Dekkers