WSS agent used to access internet via WSS

WSS agent users in Office are unable to connect to Webex meetings. As soon as they click Join Meeting button, they see infinite "connecting" message.

All Webex traffic is bypassed from WSS, and is technically not going into WSS

Joining meeting from home network on same laptop works fine

Uninstalling WSSA from one of the impacted machine allowed office users to work fine - users would egress to internet via on-prem proxies using that route and not same path as non proxy traffic!

Users not egressing to internet directly for traffic from WSS Agents - GRE connection over Cisco router from local office to internet egress point

Non agent traffic sent to local proxy that egresses directly to internet

Egressing directly has no issues

Internal Cisco router configured with MTU that caused large packets coming into WSS agent host from Webex servers to be dropped

Reduce IP MTU size of local Cisco router 

Office site uses GRE to backhauls traffic to corporate data center before egressing out to internet via WSS. With the advertised MTU size, large payloads coming back from the Webex server would be blocked by an intermediate router and not make it to the WSS agent host. These large payloads included SSL cert information, which in turns caused the SSL handshake to fail. To address the issue, we dropped the MTU from 1476 to 1400. This means that the TCP MSS sent out with TCP SYN requests was smaller, which Webex used to reduce size of payload and bypass any MTU issues with intermediate routers.

interface Tunnel2
description WAN Internet VPN from BLA to SYD
ip unnumbered Loopback1
ip mtu 1476   <<< Reduce to 1400
ip tcp adjust-mss 1360
tunnel source GigabitEthernet0/0.10
tunnel destination 111.111.111.111