How does the Automatic VPN Trusted Network work when using only the Meraki MXs as the Client VPN and NOT an ASA?  We have two sites that have this setting setup, our corporate office and our data center.  The issue we are seeing is that when users connect to a Wi-Fi that doesn't have the Client VPN enabled, but does have DNS routing to our internal DNS servers the client still tries to connect. Do we need to add the MX FQDN to the "Trusted DNS Servers", or "Trusted DNS Domains", and/or "Trusted Servers".  If I need to add the FQDNs to the last option, then I get an error message saying the host is not available, and since the site in question doesn't have the "Client VPN" enabled, there is no way for me to add the Certificate Hash.  Below is the screenshot of my current configuration.  Under trusted domains I have our internal domain listed with an "*", and the "Trusted DNS Servers" has our internal DNS servers listed.