Cisco ASA and Office 365

Office 365 is widely used by many customers. Some of them happen to manage all their Internet connections through a Cisco ASA: not the fancy ASA-X with Firepower, just the plain old 5510.

I was asked to allow Office 365 traffic. Looks easy, huh?

Step 1: know your enemy

After some Google-fu I found that Microsoft kindly provides an updated list of the IPs/subnets/URLs necessary to access various services, including Office 365, Lync, OneNote, etc.

It’s just a matter of adding them to the ASA.

Step 2: the lazy approach, A.K.A. if you think you’ll do it more than once, automate it!

I must admit the first time (a few weeks ago) I did it via bash with a little help from sed and awk.

The problem is the list is updated quite often and the process required some manual steps (and I don’t remember where I saved the original script ;-) ) so I moved to Python this time.

With a few Google searches and the usual trial-and-error approach I reached my goal in less than 30 minutes: an MVP that works and allows me to reach the final result, a happy customer.

You can see and download the script from my GitHub account.
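As an added illustration (not the author's script), here is one way to turn a list of published subnets into an ASA network object-group. It validates every entry before it reaches the firewall configuration and collapses overlapping ranges. It assumes the list has already been reduced to one entry per string; the group name `O365-NETWORKS` is hypothetical and the sample entries are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample input (documentation ranges, not Microsoft's real list).
SAMPLE_ENTRIES = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the previous entry: collapses to a /24
    "203.0.113.7/32",      # single host
    "192.0.2.0/24",
    "192.0.2.64/26",       # already covered by 192.0.2.0/24
    "2001:db8::/32",       # IPv6: reported, not emitted
    "*.example.com",       # URL pattern: reported, not emitted
    "192.0.2.300/24",      # malformed: reported, not emitted
]


def build_object_group(entries, group_name="O365-NETWORKS"):
    """Return (config_lines, skipped) for an ASA IPv4 network object-group.

    group_name is a hypothetical default, not taken from the original post.
    """
    v4, skipped = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # Strict parsing: rejects bad octets and prefixes with host bits set.
            net = ipaddress.ip_network(entry)
        except ValueError:
            skipped.append(entry)
            continue
        if net.version == 4:
            v4.append(net)
        else:
            skipped.append(entry)

    lines = [f"object-group network {group_name}"]
    # Collapsing and sorting keeps the output stable between list updates,
    # so each change can be reviewed as a small diff.
    for net in sorted(ipaddress.collapse_addresses(v4)):
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines, skipped


if __name__ == "__main__":
    config, skipped = build_object_group(SAMPLE_ENTRIES)
    print("\n".join(config))
    for item in skipped:
        print(f"! skipped, review manually: {item}")
```

Entries that are not valid IPv4 networks are returned separately instead of being written into the configuration, so nothing unparsed ends up in an access rule.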

Wrap up

I know the code is not elegant, but it works. I don’t plan to spend more time on it soon since I’ve other priorities, but feel free to use and improve it and share it with the community.

 
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.