Meraki

Community

Local internet breakout - VPN exclusion rules with Protocol DNS

dmbooth
Here to help
‎Jun 30 2025 4:33 AM
‎Jun 30 2025 4:33 AM

Local internet breakout - VPN exclusion rules with Protocol DNS

Hi,

 

I've had some conflicting information so would appreciate if anyone could confirm please? When configuring Local internet breakout - VPN exclusion rules and using Protocol DNS, if you specify a domain is a wildcard (i.e. all subdomains) implied, or does it only apply to exact hostname matches? Thanks.

0 Kudos
2 Replies 2
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jun 30 2025 4:37 AM
‎Jun 30 2025 4:37 AM

I guess, If you specify a domain like example.com, it will match both example.com and any subdomains, like mail.example.com, api.example.com, etc.
So you don't need to use the "*" wildcard.

 

VPN Full-Tunnel Exclusion (Application and IP/URL Based Local Internet Breakout) - Cisco Meraki Docu...

 

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Blue_Bird
Getting noticed
‎Jul 4 2025 2:27 AM
‎Jul 4 2025 2:27 AM

You can find similar  previous discussion here:

 

https://community.meraki.com/t5/Security-SD-WAN/Internet-Breakout-using-DNS-entries/m-p/248507

 

Thanks

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.