<span lang="en">This paper analyses several issues about security and QoS in corporate networks based on BGP/MPLS IP VPN technology. First, we discuss some security requirements and constraints specified for ‘conventional' BGP/MPLS IP VPNs, where the provider's transport infrastructure supports MPLS. Likewise, we describe different alternative mechanisms suitable to provide QoS guarantees in this kind of networks. Afterwards, the paper focuses on a transition scenario, where some of the corporate sites may be attached to an IP backbone with no MPLS support. In order to preserve the basic VPN architecture some alternative tunneling approaches are defined. We study some critical security requirements in this scenario and analyse the potential impact of its implementation over the QoS characteristics. We present a testbed based on Linux boxes and some general implementation issues, and finally some empirical results are shown.</span>