Office 365 installation / communication issues, with Cisco IOS router and Trustwave Webmarshal.

Solved a problem with a Cisco IOS router in combination with office365. In the situation they used a proxy server from Trustwave Webmarshal. On the cisco router was configured that port 80 and 443 for users were denied so the users had to use the proxy server to go online.

Webmarshal configuration:

Needed information for the configuration of the proxy by-pass can be found on the following URL
http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh373144.aspx
Al the URL names have to be excluded of the proxy.

Cisco IOS Router:

On the Cisco IOS router you have to create an object-group network

object-group network O365-IP-RANGE
host 65.52.98.231
host 157.55.44.71
host 65.52.148.27
host 65.52.184.75
host 65.52.196.64
host 65.52.208.73
host 65.52.240.233
host 65.54.55.201
host 70.37.97.234
host 94.245.117.53
host 94.245.108.85
host 65.55.239.168
host 111.221.111.196
host 157.55.185.100
host 157.55.194.46
host 207.46.216.54
host 207.46.73.250
65.54.54.32 255.255.255.224
65.54.74.0 255.255.254.0
65.54.80.0 255.255.240.0
65.54.82.0 255.255.255.0
65.54.165.0 255.255.255.128
65.55.86.0 255.255.254.0
65.55.233.0 255.255.255.224
70.37.128.0 255.255.254.0
70.37.142.0 255.255.254.0
70.37.159.0 255.255.255.0
94.245.68.0 255.255.252.0
94.245.82.0 255.255.254.0
94.245.84.0 255.255.255.0
94.245.86.0 255.255.255.0
95.100.97.0 255.255.255.0
111.221.16.0 255.255.248.0
111.221.24.0 255.255.248.0
111.221.70.0 255.255.255.128
111.221.71.0 255.255.255.128
111.221.127.112 255.255.255.240
132.245.0.0 255.255.0.0
157.56.23.32 255.255.255.224
157.56.53.128 255.255.255.128
157.56.55.0 255.255.255.128
157.56.58.0 255.255.255.128
157.55.59.128 255.255.255.128
157.55.130.0 255.255.255.128
157.55.145.0 255.255.255.128
157.55.155.0 255.255.255.128
157.55.227.192 255.255.255.192
157.56.151.0 255.255.255.128
157.56.200.0 255.255.254.0
157.56.236.0 255.255.252.0
207.46.57.128 255.255.255.128
207.46.70.0 255.255.255.0
207.46.150.128 255.255.255.128
207.46.198.0 255.255.255.128
207.46.206.0 255.255.254.0
213.199.132.0 255.255.255.0
213.199.148.0 255.255.254.0
213.199.182.128 255.255.255.128

You will need to change the ACL on the internal interface as well for the users.

ip access-list extended ACL_VLAN_IN
1 permit tcp <local ip range> 0.0.0.255 object-group O365-IP-RANGE eq www
2 permit tcp <local ip range> 0.0.0.255 object-group O365-IP-RANGE eq 443

This will help to access the Microsoft servers for the office 2010 or higher for authentication and registration. You need to test several times to figure out what’s the best solution is for you.

One thought on “Office 365 installation / communication issues, with Cisco IOS router and Trustwave Webmarshal.

  1. For those unfamiliar with WebMarshal (or at least the older version 6.x), the Bypass Proxy List can be found in the Tools > Global Settings menu. Had this issue earlier with a customer.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s