RE: VoIP over IPsec

Comments inline:

So do you suppose that in my scenario, I'd be better off leaving the VoIP out
of the encrypted tunnels and use a separate [cleartext] path for them?

Oh goodness no. VoIP (SIP specifically) has no real security in it. Call
hijacking for example is a matter of sending a pair of spoofed UDP packets to
each phone and having the voice streams arrive at the attackers machine. Not
pretty, and I do this trick (and worse) daily. (in a lab as part of work of
course)

I'm worried about the security implications, not because I feel there is a
huge security risk but because I'm sure the topic will be brought up.
(Communicating over one provider's
backbone provides little opportunity for third parties to snoop packets
between points, of course.)

See above, SIP security sucks and H323 isn't much better.

Has the issue of VoIP security ever been addressed?

Not really.
There are two parts to VoIP, the signalling and the bearer channel (actual RTP
streams with the voice).
The signalling channel is by far the easiest to abuse so if you are worried
about security, go after this first. Encrypting the itty bitty RTP packets is a
challenge that has yet to be entirely overcome, but encrypting the signalling
is about 90% of the battle (according to me YMMV). So if you want this done
without buying any new toys, and just using the Cisco's you have in place.
Simply place a GRE tunnel between the two sites and just IPSec UDP port 5060
(SIP), and leave all other traffic alone (your phones are on separate subnets
right???). This will encrypt the signalling (SIP is the assumption here)
but leave the RTP alone so that you dont have the jitter issues (as much at
least).

If you are really serious about doing VoIP then look into the products from
InGate and NetRake, and others.
The InGate supports NAT/PAT (which is useful since some phones basically
require a public IP address UGH), but more importantly it supports TLS. This
encrypts the packets, but doesn't suffer from the keying issues of IPSec nor
the overhead, so tiny little SIP packets can be encrypted without wait, but I
am not clear on the RTP packets (they aren't encrypted as far as I know). Plus
you get a registrar, proxy, etc, etc etc server along with it. They are
relatively cheap.
Netrake is for carriers, but is kinda cool to look at.

As far as QoS, don't worry about it unless you are short on bandwidth, and even
then it doesn't seem to make much difference (in my experience YMMV).
Hope this helps

I speak for me and me alone. Do not hold my employer liable for my rantings.