First, be sure that they're really gotomypc.com sessions and not regular Citrix NetMeeting sessions. For the former, you should see a client installed on the users computer and traffic to poll.gotomypc.com (see below.) For the latter I don't think you'll see anything except perhaps a ActiveX plugin.
The problem with real gotomypc sessions is that it allows users to bypass your corporate firewall settings, and get -directly- onto their PC. The gotomypc software running on the internal PC reaches out and registers to the primary gotomypc servers, and the user then connects from there (again, bypassing any posture checks you have in your firewall).
In my mind this is Not a Good Thing, mostly because the one instance I had with it was when a user 'shared' out their desktop with a remote client via gotomypc in order to facilitate file transfers, thus giving the client full access to the rest of the network in the process. Incredibly stupid but not entirely unexpected.
From their FAQ (google for "block gotomypc")
you can prevent your company computers from being accessed via the GoToMyPC service by using your firewall to block access to the host poll.gotomypc.com. We do not recommend this method, however, as it prevents all GoToMyPC usage, including your authorized GoToMyPC users.
But, re-reading your question, are you trying to prevent your internal users from Remote'ing into other, off-network GotoMyPC devices, or trying to prevent systems on your network from being remotely accessed?
gotomypc.com should be blocked since it bypasses your firewall rules... One could using gotomypc.com, somehow take over a user's PC/laptop at work or inject a virus, etc. Either block via FW, or perimeter router "poll.gotomypc.com".
Also a device like Packeteer and NBAR will categorize traffic as gotomypc. Packeteer can block it but I think NBAR can not block "it just will show you the traffic". Both of which are very useful. I use Packeteer...click on gotomypc and click on top talkers and find which users are doing this and ask them to stop.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :