in general with an iRule you can do what you want, for example taking parts of the cookie content and encrypting that, but leaving the rest. the built in functionality won't do this for you.
you could consider two cookies, one with what needs to be unencrypted and one with encryption.
also isn't your webserver behind the big-ip, why is encryption a problem then? it is encrypted between the client and big-ip, but unencrypted to the webserver.
can you show the content of the cookie? because the remark leaving the virtual ip address exposed doesn't make quite sense.