[c-nsp] Block Ultra Surf v14 on ASA

[Nick Hilliard]

On 18/02/2015 16:53, Chuck Church wrote:
> That will technically accomplish the requested goal.  There may be a bunch
> of side effects though.

yes, it will block all https.  This is what happens when you try to block a
VPN system which was explicitly designed to be difficult to block.

The real answer to the question is that this application cannot be blocked
with an ASA.  The OP will need to buy very expensive DPI hardware to guess
what sort of port 443 traffic is https and what sort is VPN traffic.

Nick