Is there any documentation to do Mutual Auth?

You want to make sure a connecting user is authenticated and authorized to access certain resources on the BigIP (i.e VIPS). Kevin suggested "APM", which you will need a module license if you haven't already got that. Or, the LTM module suggested has in SSL authentication features. First you can do all your SSL client authentication within BigIP by ensuring that client certificates presented by the client browser at the beginning of the session is authorized by pre-loaded "Trusted CA" on the BigIP or Advertised CAs from the BigIP. This is simple and straight forward. The extended authentication can be offloaded to an external server (radius, tacas or ldap). In this case, client authentications are checked on the BigIP against what was pre-configured on external servers. The checks carried out (either user key, certificate map, certificates etc) must match in some form what was held in the ldap database. https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_auth_profiles.html1197346