First consider that the BIG-IP (LTM) is a FULL PROXY architecture, which essentially means that controls and maintains two separate channels, one between it and the client, and one between it and the server. At a minimum this equates to separate TCP connections, but can also mean separate SSL sessions. We typically give different names to the way in which SSL is handled (or not handled) within the LTM:
SSL offload generally refers to doing SSL on one side of the proxy, usually the client side, and not doing SSL on the other side, usually the server side. In this case you just need the one SSL profile on that side that's terminating (or initiating) the SSL.
SSL bridging refers to the process of decrypting from the client (via client SSL profile) and re-encrypting to the server (via server SSL profile). And just like offloading, the LTM has access to the clear text application data in the middle.
SSL tunneling refers to not handling the SSL layer at all, where the LTM has neither client not server SSL profiles, and cannot access the application layer traffic. Tunneling also has the side effect of making persistence (load balancing affinity) and security controls harder to accomplish as the LTM is blind to the application data.