Hi,
Yes in this case you need a:
- client ssl
- server ssl
Yes you can use serverssl defaul porfile, I advise you to use "serverssl-insecure-compatible" for server ssl profile. And of course is required in your case.
Just keep in mind that serverssl-insecure-compatible profile types to allow negotiation of weak Secure Sockets Layer (SSL) ciphers for a BIG-IP virtual server. The cipher lists for the clientssl-insecure-compatible profile include some deprecated ciphers, such as DES-CBC-SHA and all MD5 cipher suites. It will allow you to negotiate with your backend even if it use depreciate cipher or use bade cert (not signed by trusted CA, ...)
regards.