If I may add, it seems extremely unusual that the CLIENTHELLO, the very first message in an SSL handshake, would be different between two end points. Are you absolutely certain that the client contacting the VSP through the F5 is the same client that talking directly to the VSP (perhaps different processes)? If you attempt multiple connections with the F5 in place, do you see the same cipher sets in the CLIENTHELLO for each attempt?
It's important to understand that ProxySSL provides a mechanism for the client and server to perform a direct SSL handshake. The ProxySSL function essentially shunts the SSL filter during this phase of the session, captures the pre-master secret token sent by the client, and then enables the filter for (transparent) bulk de/re-encrpytion. In other words, if ProxySSL is configured correctlt, the handshake you see should be between the client and server. What Nathan states from the SOL is important in that the F5 must be able to support the cipher that the client and server negotiate in the handshake (for bulk encryption). As a first test, I would disable ASM, the HTTP profile (if one is applied) and both client and server SSL profiles. This creates a pure layer 4 "SSL tunnel" through the F5. Test connectivity this way. If it works, then re-add just the client and server SSL profiles. Both profiles should have the ProxySSL option enabled, and (at a minimum) the private key associated with the VSP. If you notice that the client and server routinely negotiate a non-RSA cipher, then look into whether it's possible to configure the VSP to prefer RSA ciphers.