Looks like you do not have access to port 4353.
It is always better to establish the iQuery connection on the TMM interfaces rather than the management interface.
Typically the management interfaces live on a separate zone in which case might not have 4353 port access.
My next option would be give 4353 and 22 port access to one of the Selp IP. Change the port lockdown setting on the BIG-IP as well to accept 22 and 4353.
If gtm_add still doesnt work try this:
As at this point the key exchange might have been performed remove the entry for the host in the known_hosts file. This will be the IP address against which you have unsuccessfully run the gtm_add command against.
Log in to the appropriate BIG-IP GTM command line:
vi /root/.ssh/known_hosts, search for and remove existing entry for (to run gtm_addl)
Only remove entries containing address of the GTM (GTM against which you performed the gtm_add).
Make sure that only the server.crt exists in the /config/httpd/conf/ssl.crt folder on the GTM against which you are performing the gtm_add against.