What about if you did this:
Create a pool under local traffic, put your one terminal server in there on port 3389. Then you create a VIP on an arbitary IP, e.g. 192.168.200.1, running on an arbitary port e.g. (as you specified 42000) In your VIP settings, select your newly created pool. Now you will have a VIP listening on 4200, pointing to your terminal server in the pool running on 3389.
Client => VIP:192.168.200.1:4200 => Pool:Terminal Server IP:3389
Then, for your app tunnel, you put the VIP IP address (instead of the real IP address) then you choose your port as 4200. Connections will be translated from 4200 to 3389 by the LTM functionality when it hits the BIGIP.
I just tried it now by setting it up and it worked (except I used the Remote Desktops feature under Application Access instead of an application VPN) but the principle is the same so it should work fine I'm guessing (I've not used the Application before VPN though so not 100% sure)
Thanks