For this integration, you need to create two TLS proxy instances. The first TLS proxy handles the TLS connections initiated by the IM and Presence Service, where the IM and Presence Service is the client and the external domain is the server. In this case, the Cisco Adaptive Security Appliance acts as the TLS server facing the "client", which is the IM and Presence Service. The second TLS proxy handles the TLS connections initiated by the external domain, where the external domain is the client and the IM and Presence Service is the server.
The TLS proxy instance defines "trustpoints" for both the server and the client. The direction from which the TLS handshake is initiated determines the trustpoint defined in the server and client commands:

- If the TLS handshake initiates from the IM and Presence Service to the external domain, the server command specifies the trustpoint that contains the Cisco Adaptive Security Appliance self-signed certificate. The client command specifies the trustpoint that contains the Cisco Adaptive Security Appliance certificate that is used in the TLS handshake between the Cisco Adaptive Security Appliance and the external domain.
- If the handshake initiates from the external domain to the IM and Presence Service, the server command specifies the trustpoint that contains the Cisco Adaptive Security Appliance certificate that the TLS handshake uses between the Cisco Adaptive Security Appliance and the external domain. The client command specifies the trustpoint that contains the Cisco Adaptive Security Appliance self-signed certificate.
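The two instances described above, written out as an added Cisco Adaptive Security Appliance configuration fragment (not taken from the original document). The instance and trustpoint names are assumptions: `imp_to_ext` and `ext_to_imp` for the two proxies, `asa_selfsigned` for the trustpoint holding the self-signed certificate presented to the IM and Presence Service, and `asa_external` for the trustpoint holding the certificate presented to the external domain.

```cisco
! Added example: trustpoint names and proxy names are assumptions.
!
! Proxy 1: handshake initiated by IM and Presence Service (IM&P = client,
! external domain = server). ASA terminates the inbound leg with its
! self-signed certificate and re-originates the outbound leg with the
! certificate trusted by the external domain.
tls-proxy imp_to_ext
 server trust-point asa_selfsigned
 client trust-point asa_external
!
! Proxy 2: handshake initiated by the external domain (external domain =
! client, IM&P = server). The roles of the two trustpoints are swapped:
! the external-facing certificate is on the server side, the self-signed
! certificate is on the client side toward IM&P.
tls-proxy ext_to_imp
 server trust-point asa_external
 client trust-point asa_selfsigned
```

Verify with `show running-config tls-proxy` that each instance carries the trustpoints in the direction the text describes; a swapped pair is the usual cause of one direction of federation failing the handshake while the other succeeds.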