Hi Mark,

You can use access-lists for protocol filtering.

For blocking IPsec vpn traffic it may look like this:

access-list 100 deny udp any 500 any 500

access-list 100 deny esp any any

access-list 100 permit ip any any

The 1st line blocks any isakmp traffic.

The 2nd line blocks any ipsec esp protocol traffic.

The 3rd line allows any other ip traffic.

Cheers:

Istvan