My "jump-vs" is the SNI-Router VS, or in other words the "outer VS". So there is the SNI-Routing LTM policy applied. This VS is only used for service ports which are used for SSL/TLS connections - otherwise SNI wouldn't work. I didn't check whether DTLS supports SNI and therefore didn't use the "jump-vs". So my DTLS VS is just another Standard VS, without any LTM policies applied. On the other hand, the SNI-Routing LTM policy doesn't support the combination of SNI and TCP port conditions (at least not in my environments, tested with 13.1.x, 14.x and 15.0). For me this resulted in TCP resets on the outer VS.
This special environment has only a single private IP address, forwarded from a NAT router in front of the BIG-IP, which has a single public IP address.
My setup is on 15.0.x and will be updated to 15.1.x within the next few days.