EDIINT with Reverse Invoke

We are deploying webMethods 6.0.1/TN6 and EDIINT/AS2 on Solaris 2.8 in a reverse invoke setup with load-balanced proxy servers in the DMZ and internal servers with EDIINT/TN inside the secured environment.
A client of ours has requested the Asynchronous MDN (Message Delivery Notification) capability of AS2.

1- How can we accomplish this (Asynchronous MDN/connectivity) with our current setup (Reverse Invoke) without having to install EDIINT/TN and a database (for TN) in our DMZ, since the DMZ/proxy servers are the only servers with access to the Internet? Also, even if we install all this software in the DMZ, wouldn’t we need to sync up the two TN setups/TN databases (Proxy/Internal)?

2- Are there any issues in using client-side HTTPS/SSL authentication for both incoming and outgoing AS2 messages? Meaning, if we are sending data using AS2 and the other side requires HTTPS/SSL client-side validation. I am assuming that this can be achieved using the setkeyAndChain methods in our services.


We use wM 4.6 with reverse proxy in DMZ and internal server with TN and EDIINT, providing an async. MDN over HTTPS with client certs for authentication.
TP connects to RI, which forwards to internal; internal provides async. MDN out through our proxy servers (we have 2, but note that these are NOT the RIs but something like Squid proxy web servers).
This was a standard install of wM and it works.
So the main difference apart from you using v6 is that we are not using 2 reverse invokes and 2 internal servers.
You don’t need EDIINT/TN on the RI servers for this.
We don’t have any issues with our TP authenticating to us via a client cert. in the HTTPS session.