Hi Siddharth,
first a short explanation, how we are using this kind of scenario. We are using different URLs/DNS-names for access with and without mutual SSL. Means we have different VIPs configured on the LB in front of the API GWs, one with mutual SSL enabled and the other without. Using just a single VIP on the LBs depends at least on the manufactor and its provided features of the LB. Assuming it's hopefully a F5 LB you could work with two different SSL-profiles on the same VIP (one with mutual SSL enabled and the other without), which will be identified/choosen based on SNI (assuming all your consumers are supporting SNI). So you still need two different DNS-names, which are both resolving to the same VIP on the LB.
Hope that's clear and helpful for you.
Ciao Stefan