from what i understand you want to load balance IPsec through the BIG-IP
first of all make sure you disable the F5 looking at the ipsec traffic, else it will fail
https://support.f5.com/csp/article/K14169
it suggests L4 which i would keep on any service, so you don't have to worry about difference between 4500 and 500 and ESP protocol
for persistence you need to look at the options
if IP source based persistence isnt possible due to change client IP you need to find something else.
it might be you just get different tunnels every time
https://devcentral.f5.com/questions/load-balancing-vpn-connection