If you have access to a hardware load balancer with your company, then what you explained should work, with one exception.
Exception: traffic initiated from the SAP Router systems to SAP service market is going to use the real IPs on the servers, and won't help you with limiting the number of tunnels to SAP.
Solution - NAT the traffic to the same IP address so the VPN connection has the same source public IP address.
I would think the only issue after this would be if a SAP Router went offline while EWAs were being sent to SAP or if you have an open connection from SAP to your system; the load balancer would redirect everything to the other router, but all sessions would be dropped as stateful tables would have to be rebuilt from scratch, due to TCP behavior.