Cisco ASA and Office 365

Office 365 is widely used between many customers. Some of them happen to manage all the Internet connections through a Cisco ASA, not the fancy ASA-X with Firepower, just the plain old 5510.

I was asked to allow Office 365 traffic, looks easy huh?

Step 1: know your enemy

After some Google-fu I found Microsoft kindly provides an update list of the IP/subnet/URLs necessary to access various services including Office 365, Lync, OneNOte etc.

It’s just a matter to add them on ASA.

Step 2: the lazy approach A.K.A. if you think you’ll do it more than once automate it!

I must admit the first time (a few weeks ago) I did it via bash with a little help from sed and awk.

The problem is the list is updated quite often and the process required some manual steps (and I don’t remember where I saved the original script ;-) ) so I moved to Python this time.

With a few Google searches and the usual trial&error approach I reached my goal in less than 30m: a MVP that works and allows me to reach the final result –> an happy customer.

You can see and download the script from my github account.

Wrap up

I know the code is not elegant but it works, I don’t plan to spend more time on it soon since I’ve other priorities but feel free to use and improve it and share with the community.

 
comments powered by Disqus