Cisco – Office 365 | Office 365 IP object range on a Cisco IOS Router

In addition to my previous post, “Cisco – Office 365 | Office 365 IP object range on a Cisco ASA”, you might need the same configuration on a Cisco IOS router.
It can happen that you need to configure an IP object range for Office 365. In most cases this is because company policy does not allow client users to connect directly to the internet.
In that case, where you have probably blocked all HTTP and/or HTTPS traffic, you need to exclude some ranges if you are using Office 365. Otherwise the Office versions are not able to register or install on the client devices.
The fastest way to create this exclusion is to make an object-group with the network ranges and hosts that Microsoft has published on their website:
https://onlinehelp.microsoft.com/en-us/office365-enterprises/hh373144.aspx
On that website you can find the exception list for proxies and firewalls.
To continue with the configuration on your Cisco ISR IOS device: the configuration below has been tested on several versions of the IOS software.
Note: I have not tested this via the GUI; I configure these devices via the CLI.

object-group network O365-IP-RANGE
host 65.52.98.231
host 157.55.44.71
host 65.52.148.27
host 65.52.184.75
host 65.52.196.64
host 65.52.208.73
host 65.52.240.233
host 65.54.55.201
host 70.37.97.234
host 94.245.117.53
host 94.245.108.85
host 65.55.239.168
host 111.221.111.196
host 157.55.185.100
host 157.55.194.46
host 207.46.216.54
host 207.46.73.250
65.54.54.32 255.255.255.224
65.54.74.0 255.255.254.0
65.54.80.0 255.255.240.0
65.54.82.0 255.255.255.0
65.54.165.0 255.255.255.128
65.55.86.0 255.255.254.0
65.55.233.0 255.255.255.224
70.37.128.0 255.255.254.0
70.37.142.0 255.255.254.0
70.37.159.0 255.255.255.0
94.245.68.0 255.255.252.0
94.245.82.0 255.255.254.0
94.245.84.0 255.255.255.0
94.245.86.0 255.255.255.0
95.100.97.0 255.255.255.0
111.221.16.0 255.255.248.0
111.221.24.0 255.255.248.0
111.221.70.0 255.255.255.128
111.221.71.0 255.255.255.128
111.221.127.112 255.255.255.240
132.245.0.0 255.255.0.0
157.56.23.32 255.255.255.224
157.56.53.128 255.255.255.128
157.56.55.0 255.255.255.128
157.56.58.0 255.255.255.128
157.55.59.128 255.255.255.128
157.55.130.0 255.255.255.128
157.55.145.0 255.255.255.128
157.55.155.0 255.255.255.128
157.55.227.192 255.255.255.192
157.56.151.0 255.255.255.128
157.56.200.0 255.255.254.0
157.56.236.0 255.255.252.0
207.46.57.128 255.255.255.128
207.46.70.0 255.255.255.0
207.46.150.128 255.255.255.128
207.46.198.0 255.255.255.128
207.46.206.0 255.255.254.0
213.199.132.0 255.255.255.0
213.199.148.0 255.255.254.0
213.199.182.128 255.255.255.128

In the ACL on the internal interface, you need to configure these entries:

remark Office 365
permit tcp < lan address + wildcard > object-group O365-IP-RANGE eq www
permit tcp < lan address + wildcard > object-group O365-IP-RANGE eq 443
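
As an added example (not part of the original post): a small Python helper that turns a list of published addresses into the object-group shown above and flags entries that are invalid, not on a network boundary, or already covered by a wider range (the list above has 65.54.82.0 255.255.255.0 inside 65.54.80.0 255.255.240.0). The function name, the CIDR input format and the sample list are assumptions; the last two sample entries are constructed to show the checks.

```python
import ipaddress

# Constructed sample: the first four entries appear in the object-group above
# (written here as CIDR); the last two are deliberately bad to show the checks.
SAMPLE = ["65.52.98.231", "65.54.54.32/27", "65.54.80.0/20", "65.54.82.0/24",
          "65.54.74.1/23", "not-an-ip"]

def build_object_group(name, entries):
    """Return (config_lines, warnings) for an IOS 'object-group network'."""
    nets, warnings = [], []
    for raw in (e.strip() for e in entries):
        if not raw:
            continue
        try:
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            warnings.append(f"skipped invalid entry: {raw}")
            continue
        if net.version != 4:
            warnings.append(f"skipped non-IPv4 entry: {raw}")
            continue
        # Host bits set below the mask: the entry is normalised, so report it
        if "/" in raw and ipaddress.ip_interface(raw).ip != net.network_address:
            warnings.append(f"{raw} is not on a network boundary, using {net}")
        if net not in nets:
            nets.append(net)
    # A range inside a wider range adds nothing and hides what is really open
    for n in nets:
        for other in nets:
            if n != other and n.subnet_of(other):
                warnings.append(f"{n} is already covered by {other}")
    lines = [f"object-group network {name}"]
    for n in sorted(nets):
        if n.prefixlen == 32:
            lines.append(f" host {n.network_address}")
        else:
            lines.append(f" {n.network_address} {n.netmask}")
    return lines, warnings

if __name__ == "__main__":
    config, notes = build_object_group("O365-IP-RANGE", SAMPLE)
    print("\n".join(config))
    for note in notes:
        print("! " + note)
```

Review the warnings before pasting the output into the router, so the permit entries in the ACL open only the ranges you intend.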
