I've almost no experience with ASA; don't recall if they have any QoS features, especially, in this case, support for a shaper. Without that, as mentioned in my first post, we might be able to connect ASA's "outside" interface to 3750 (or 2960) and then connect 3750 (or 2960) to Internet. This because the 3750 (or 2960) can shape (sort of), and provides 4 queues where we can prioritize traffic like VoIP. (This also assumes, we might ToS tag traffic going into ASA, from LAN, and ASA would duplicate ToS tag on the VPN traffic. If it doesn't, we just "shape" on traffic to ASA, but at a rate slow enough such that it likely would be under the 60 Mbps limit, even with VPN overhead.)
Again, for effective QoS, you need to consider both directions of traffic. I.e. to guarantee VoIP performance, not only would you configure QoS at branch, but at HQ. So, I need to know all (actually only that deals with Internet) the details of the HQ topology too. (BTW, still insufficient information on branch too.)
Anytime you mix "raw" Internet and VPN (across) Internet, on the same link, you've effectively make QoS useless unless your ISP is willing to support QoS on their port (almost all won't), from the Internet, to your device. Why? Because otherwise you have no control over traffic coming from Internet to your site, and ergo, cannot insure something like VoIP gets the QoS treatment it needs.
If you cannot obtain QoS from your ISP(s), the alternative is obtain another Internet link, for just your VPN traffic, or at least the "critical" VPN traffic. With a dedicated link, we can often exactly manage bandwidth and then provide effective QoS.
BTW, QoS support is much better on Cisco routers. You might consider obtaining a "small" (i.e. one capable of handling 60+ Mbps, duplex) Cisco ISR.
Also BTW, in your OP, you mention "video traffic", what kind? I.e. real-time (e.g. video conferencing) or not real-time (video streaming) (both?).
