Hi Mark, Quick update to my message: While there is no specific IP range for api.meraki.com, if you have configured a site-to-site VPN as your default route, then the clients' web traffic will transit your VPN automatically. There's no additional configuration needed; you shouldn't have to manually 'include' any traffic in your VPN when you are using a VPN subnet as a default route. Keep in mind there are local Internet breakout rules available, so you can exempt other traffic from transiting the VPN: If you are not using Meraki MX, and need to manually route some traffic over your VPN, then I'd recommend using a FQDN rule rather than an IP-based rule for that type of PBR. If you have no other options, then it's also possible to send API traffic to e.g. n101.meraki.com, instead of api.meraki.com. You can find the 'n101' value by logging into the dashboard via browser. That FQDN has a limited number of IP addresses listed under Help > Firewall info.
... View more