For security purpose, all your VMs are already guaranteed to have 2 or more IP addresses in different VLANs. The interface of a web server (or other service) that terminates untrusted requests must be completely segregated from the interface that accepts SSH connections. In a typical design scenario that considers good network security practices, there are even more, usually 3 IP addresses, all in different VLANs, per VM. First one is for Management. Second is for front-end (listener of untrusted requests), and third is for back-end - interface that the VM itself uses to communicate to external dependencies such as database or authentication server. It's also not a bad idea to configure that back-end interface as a secondary listener which accepts trusted requests that bypass BigIP (Your app developers will be forever grateful)
Assuming a Linux Web Server as VM, you can use iproute2 software to create multiple default gateways and map them to specific interfaces. If you use BigIP, there are no valid drawbacks to have the front-end interface of a VM use BigIP as its Default Gateway.