BWC iRule

This might be what you're looking for.

https://community.f5.com/discussions/technicalforum/irule-for-bandwidth-throttling-per-client-ip/218195

Thanks. I do not want to be managing a IP client addresses using datagroups or what so ever. 
The BWC iRule must apply to any upcoming client IP address

As long as you don't need the system to treat the client IPs differently, you don't need to keep track of them.

To use an irule like this on the inner-tunnel, you'll need to create a "layered virtual server" for your VPN users, it must be more specific than the default one that APM sets up, so you'd set the source net IP to be your leasepool, and the VLAN to be the connectivity profile's name (APM treats the VPN traffic as coming in on a pseudo-VLAN). Set this as Fast-L4 -- no SSL or HTTP profiles. And apply the CMP change mentioned in that article.

Once this virtual is set up, confirm that the stats increment (TMM is selecting it for new flows from your VPN users), and then attach a simplified irule like Paulius mentioned:

when CLIENT_ACCEPTED { rateclass rateshape_1mb }

I think you'll see better performance by ratelimiting on the inner-tunnel (the traffic-handler vip) rather than ratelimiting on the outer-tunnel (the vip that outside VPN users auth to).

Another more complex approach might be this one:

APM VPN Bandwidth Controller iApp | DevCentral

Thanks Lucas_Thompson

I wish to keep it simple and stupid. I deployed an Exchange Server using the iApp. So a virtual server Exchange2006iapp_combined_https was automaticaly created and has pool members offering services like AS (ActiveSync), ews, mapi and owa. What I need is a BWC policy to to handle the bandwidth when any of the aboved mentionned services is triggered by a client.....