Query related to F5-APM design and flow

Dear Friends,

just want to clarify some design and architecture part regrading APM:

1. want to implement APM with multiple business department with two set of zone; VPN access zone where users will connect only and authorization zone where user can access the resources as per the PAM policy advance resource assignment.
2. from Top, high-end Big-IP appliance with 3 vCMP guests for 3 business department -on there appliances we have to provision LTM,APM and Bigip-dns .
3. Below side(authorization zone) appliances also will create 3 vCMP where users will get the required access of app and servers.
4. now customer wants to have a single URL who can redirect the traffic to respective Business department.
5. secondly. how can i redirect vpn request of a user in two APM applainces i.e. network conenct only(access) and then access the resource.