Cisco – Office 365 | Office 365 IP object range on a Cisco ASA

It can happen that you need to configure an IP object range for Office 365. In most cases this is because company policy does not allow client users to connect directly to the internet.

In that case, where you have probably blocked all HTTP and/or HTTPS traffic, you need to exclude some ranges if you are using Office 365. Without the exclusion, the Office versions are not able to register or install on the client devices.

The fastest way to create this exclusion is to make an object-group with the network ranges and hosts that Microsoft has published on their website.

https://onlinehelp.microsoft.com/en-us/office365-enterprises/hh373144.aspx

On that website you can find the exception list for proxies and firewalls.

The configuration then continues on your Cisco ASA device. The configuration below was tested on ASA version 9.1.2 (ASA 5515-X).
Note: you can add this list via the ASDM, but I wouldn't recommend it unless you want to keep yourself busy.

object-group network O365-Networks
description Office 365 Networks
network-object 65.54.54.32 255.255.255.224
network-object host 65.52.98.231
network-object host 157.55.44.71
network-object host 65.52.148.27
network-object host 65.52.184.75
network-object host 65.52.196.64
network-object host 65.52.208.73
network-object host 65.52.240.233
network-object host 65.54.55.201
network-object host 70.37.97.234
network-object host 94.245.117.53
network-object host 94.245.108.85
network-object host 65.55.239.168
network-object host 111.221.111.196
network-object host 157.55.185.100
network-object host 157.55.194.46
network-object host 207.46.216.54
network-object host 207.46.73.250
network-object 65.54.74.0 255.255.254.0
network-object 65.54.80.0 255.255.240.0
network-object 65.54.82.0 255.255.255.0
network-object 65.54.165.0 255.255.255.128
network-object 65.55.86.0 255.255.254.0
network-object 65.55.233.0 255.255.255.224
network-object 70.37.128.0 255.255.254.0
network-object 70.37.142.0 255.255.254.0
network-object 70.37.159.0 255.255.255.0
network-object 94.245.68.0 255.255.252.0
network-object 94.245.82.0 255.255.254.0
network-object 94.245.84.0 255.255.255.0
network-object 94.245.86.0 255.255.255.0
network-object 95.100.97.0 255.255.255.0
network-object 111.221.16.0 255.255.248.0
network-object 111.221.24.0 255.255.248.0
network-object 111.221.70.0 255.255.255.128
network-object 111.221.71.0 255.255.255.128
network-object 111.221.127.112 255.255.255.240
network-object 132.245.0.0 255.255.0.0
network-object 157.56.23.32 255.255.255.224
network-object 157.56.53.128 255.255.255.128
network-object 157.56.55.0 255.255.255.128
network-object 157.56.58.0 255.255.255.128
network-object 157.55.59.128 255.255.255.128
network-object 157.55.130.0 255.255.255.128
network-object 157.55.145.0 255.255.255.128
network-object 157.55.155.0 255.255.255.128
network-object 157.55.227.192 255.255.255.192
network-object 157.56.151.0 255.255.255.128
network-object 157.56.200.0 255.255.254.0
network-object 157.56.236.0 255.255.252.0
network-object 207.46.57.128 255.255.255.128
network-object 207.46.70.0 255.255.255.0
network-object 207.46.150.128 255.255.255.128
network-object 207.46.198.0 255.255.255.128
network-object 207.46.206.0 255.255.254.0
network-object 213.199.132.0 255.255.255.0
network-object 213.199.148.0 255.255.254.0
network-object 213.199.182.128 255.255.255.128

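On the ACL of the internal interface you need to add the following rules. Replace the placeholders in angle brackets with your own ACL name and internal range; note that an ASA ACL takes a subnet mask, not a wildcard mask.

access-list <internal interface ACL name> remark Office 365
access-list <internal interface ACL name> extended permit tcp <internal ip range + subnet mask> object-group O365-Networks eq www
access-list <internal interface ACL name> extended permit tcp <internal ip range + subnet mask> object-group O365-Networks eq 443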
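Because the published list changes and typing it by hand is error-prone, the object-group can be generated instead. The following is an added example, not part of the original post: it renders the ASA object-group from CIDR strings, rejects misaligned ranges, and reports entries already covered by a larger range (as 65.54.82.0/24 is by 65.54.80.0/20 in the list above). The function names and the sample list are assumptions made for this example; the sample entries are taken from the object-group above and written in CIDR form.

```python
import ipaddress

# Constructed sample: a few entries from the object-group above, in CIDR form.
SAMPLE = [
    "65.54.54.32/27",
    "65.52.98.231",      # bare address is treated as a /32 host
    "65.54.80.0/20",
    "65.54.82.0/24",     # already inside 65.54.80.0/20
    "111.221.16.0/21",
    "111.221.24.0/21",   # adjacent to the previous entry
    "132.245.0.0/16",
]


def parse(entries):
    """Parse IPv4 entries; strict=True raises ValueError if host bits are set."""
    return [ipaddress.IPv4Network(e.strip(), strict=True) for e in entries if e.strip()]


def covered_entries(entries):
    """Return entries that are fully contained in another entry of the list."""
    nets = parse(entries)
    return [str(a) for a in nets if any(a != b and a.subnet_of(b) for b in nets)]


def asa_object_group(name, description, entries):
    """Render ASA CLI lines for a network object-group.

    collapse_addresses() removes duplicates and covered ranges and merges
    adjacent ranges, so the permitted address space is exactly the input,
    expressed in the fewest lines.
    """
    lines = [f"object-group network {name}", f" description {description}"]
    for net in ipaddress.collapse_addresses(parse(entries)):
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines


if __name__ == "__main__":
    print("Covered by a larger range:", covered_entries(SAMPLE))
    print("\n".join(asa_object_group("O365-Networks", "Office 365 Networks", SAMPLE)))
```

Review the covered entries against the vendor's current list before pasting the output, since a range that is wider than intended permits more destinations than the exception requires.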
