Cisco 5520 wireless controllers allow you to block apps and protocols using AVC lists... are you telling me that there isn’t a way to do so?
AnyConnect is using either SSL or IKE for the connection, so you could block those (please note, by blocking SSL you also block all HTTPS websites...). I assume this will not make you happy.
Regarding AnyConnect, do you want to block the VPN function, or do you mean the Network Access Module, or any other module?
Do you want to generally block VPN connections, or only the protocols supported by AnyConnect?
If it's just AnyConnect, then maybe only the servers/IPs of your own VPN gateways? If yes, then you could create an ACL on the WLC blocking the access to those IPs.
Yes, I did try the block of SSL and you're right, it blocks everything. I don't want to block the use of AnyConnect, I want to block the use of AnyConnect for the sake of connecting to our network within our on-prem corporate guest SSID.
I have tried using various AVC and ACL settings in the wifi connection. I'm not as familiar with the NAM (TAC suggestion). At this point I'm trying to control it within the Wireless Controller.
I've also heard of the suggestion of a DNS going nowhere.
Thanks for the reply.