If your servers use the BIG-IP as their default gateway, you can preserve the original client IP by not SNAT'ing those connections at the BIG-IP (it preserves client IP by default). The IP header is not encrypted in SSL, so BIG-IP can still SNAT even with SSL connections. But if it is not possible for you to configure the network this way (without SNAT), then hoolio is correct, you will need to decrypt the SSL at the BIG-IP in order to be able to manipulate the data in the rest of the headers (ie, using an X-Forwarded-For header to include the original client IP).
Denny