I am a bit confused - you're saying internal OWA connections - did you mean external instead? Your internal users should not be going through APM - they should be going to the internal VIP that does not have APM applied to it. External users should be going to APM.
Regarding Ex2003/2010 - if you use APM and configure SSO, it will send the credentials to 2010 CAS, which will then try to redirect you to Exchange 2003 server. I don't remember the exact details, but I did encounter that with one customer and there was a reason why that wasn't successfully SSOing user to Exchange 2003. My recommendation in this case is to use VPE's AD Query to determine where the mailbox of the user lives(2003 or 2010), and send them directly to the 2003 OWA interface, bypassing 2010 CAS altogether.
Regarding 3 - are you using portal mode by any chance instead of LTM+APM mode? What guidance did you use to setup APM for Exchange?
Regarding 4 - still fuzzy on what you mean here - you should be able to associate a pool of CAS servers with the external virtual just as you do with internal. If you point your external VIP to an internal VIP, you are still load-balanced, internal VIP is doing the load-balancing across that pool of CAS servers it has configured on it.