Hi all,

i have problem with adding secondary node to primary. I can ping them, nslookup on both sides gives me correct entry. I did tcp dump on destination FW, don't see that something is blocking...primary is using 443 port when I try to register secondary node.

PRIMARY:

ise01/admin# nslookup ise02.net.biz
Trying "ise02.net.biz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31656
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ise02.net.biz. IN ANY

;; ANSWER SECTION:
ise02.net.biz. 3600 IN A 172.28.208.208

ise01/admin# ping ise02.net.biz
PING ise021.net.biz (172.28.208.208) 56(84) bytes of data.
64 bytes from 172.28.208.208: icmp_seq=1 ttl=59 time=25.3 ms
64 bytes from 172.28.208.208: icmp_seq=2 ttl=59 time=24.7 ms
64 bytes from 172.28.208.208: icmp_seq=3 ttl=59 time=24.6 ms
64 bytes from 172.28.208.208: icmp_seq=4 ttl=59 time=25.1 ms

ise02/admin# nslookup ise01.net.biz
Trying "ise01.net.biz"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1261
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ise01.net.biz. IN ANY

;; ANSWER SECTION:
ise01.net.biz. 293 IN A 10.64.96.96

ise02/admin# ping ise01.net.biz
PING ise01.net.biz (10.64.96.96) 56(84) bytes of data.
64 bytes from 10.64.96.96: icmp_seq=1 ttl=59 time=24.7 ms
64 bytes from 10.64.96.96: icmp_seq=2 ttl=59 time=24.4 ms
64 bytes from 10.64.96.96: icmp_seq=3 ttl=59 time=24.5 ms
64 bytes from 10.64.96.96: icmp_seq=4 ttl=59 time=24.4 ms

Both devices use same version.

This is message that I'm getting :