So were building our production deployment these days and trying to integrate with our ISE-deployment. In the lab we used a single vm/all personas ISE-deployment, and integrating ISE and DNA worked as per the documentation. Now we have 6 PSNs behind a BigIP with two admin/monitoring nodes, and i cant figure out how to integrate the two. I have enabled pxgrid on the pan and one psn, i have tried pointing DNA to the ip of the pan and the psn, but all result in the attached error. Error establishing trust with ISE: Expected failure phrase received: Trust establishment operation failed. Check ISE node role or whether remote server x.x.x.x is available.
Both the DNA enterprise-interface and the ISE PAN is on the same subnet, so no firewall issues. The documentation isnt clear on what ip to point DNA to, but im guessing its the node with pxgrid enabled right? So both PAN and the one PSN should work? I have not done any editing of certificates here, so all nodes run self signed default certs. I can not see the DNA center appear in the pxgrid approval list on the PAN.
Using tcpdump on the DNA, i can see DNA establishing a SSH-connection to ISE, but after a while the attached error appears.
