no you could not simply change the nat settings from your app servers today to the f5 without apm. what apm provides with ica proxy is the ability to eliminate the direct nats for the application servers to provide greater security for the backend citrix environment.
it also eliminates the need to have multiple ssl certificates running on all the internal app servers as well.
this is because apm would be the one and only connection point clients would need to resolve to by dns and encrypt with an ssl certificate and your firewall would only need to open one nat for port 443 so that the ssl connection from client hitting the apm/ltm vip could do the authentication and ICA proxy all together adding to the security layering by not allowing for direct port/network address translation to the application servers.
further more the APM also adds more security by applying token values to the sessions so access to the application servers cannot be replayed by someone simply clicking on some launch.ica file in the cache of a browser from something like a shared systems that multiple users could have access to so they cannot simply walk right through the firewall and into an application server without being asked to authenticate first.
apm add more granular authentication and identity of who is logged in and accessing the environment by making sure the users first supply their credentials to be authenticated by active directory and if they are successful then apm can forward them onto the wi/xml broker/application servers accordingly as needed throughout their transaction/session.
Hope that helps.