Hi Alex,
Before you can register any routers to the CM, I would suggest the following steps:
- check if you can SSH to the router from the CM CLI by using the same credentials you have specified in the IOS global credentials and/or for that specific device in the CM GUI.
- if that is all good, then it might be that the router has been registered before, or somehow the CM has its information but with a mismatched cert: then try to delete that router from the CM, reimport the CM's cert to the router, regenerate a new self-signed cert on the router and then register it again, link:
https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v531/configuration/guide/cnfg/other.html#44813
sections: "importing the CM certificate" and "Configuring router certificate"
- if none of the above helps, I would suggest doing a pcap on the CM and investigating what breaks the handshake.
I have seen situations where a lower MTU breaks the connections; check if you have anything in the middle, like a DMVPN with an MTU of 1400, when you have the 1500 default on the CM interface. Then, reducing the MTU on the