Any update on IPSec to a virtual server address?

One thing you lose when putting things behind the F5 versus allowing direct connectivity to servers is the ease of setting up an IPSec connection between the workstation and the server/application. There are a lot of advantages to this that even APM cannot solve (ie non https/https traffic). With new attacks out in the wild that bypass 802.1x and MACSec having the ability to set up IPSec between the workstation and virtual server is more important than before. Has anyone found a way to accomplish this or has engineering discussed this at all?