We have deployed Virtuals with both the one-armed and the inline mode. How you do it is based off your specifics.
You need to retain the original IP address of the clients, if your web servers can examine the X-Forwarded-For or XFF identifier in the header, then doing an in-line will work well. You can offload the SSL to the F5 and still use all load balancing methods.
If you cannot look at the X-forwarded-for method, you can still use the in-line, but would need to have routes to the F5 for return public traffic. ( server default routes would point to the F5, any RFC-1918 routes would point to another gateway in our environment ).
The One Arm method works well for many things, but will remove your ability to offload the SSL and limit the load balancing choices ( no cookies.. someone correct me if I'm wrong here ). Typically each web server will need a loopback of the public IP to accept the One Armed traffic.
The Inline method does not require you to use different subnets. We do an inline method for many instances with all IPs in the same RFC-1918 subnet. We just have the firewall forward traffic for the public IP address of the load balanced web traffic to the failover RFC-1918 IP address of our LTM pair.
Hope this helps.
Jason