Cisco is known to support "lawful intercept" protocols in their routers (in fact they were the ones to propose it to IETF a decade ago), so I wonder if they find it ok to not censor your connection because they can already spy on it. This way at least they can check if it's really for "work". Other VPNs who they know aren't used for work, get blocked.