Hi Alex,
As you have mentioned, you can NAT the traffic first and send it to a VR; you may terminate the VPN on the interface
inside the VR, and this should solve your problem.
However, there are a few points that you need to consider:
# The throughput would go down, as the same traffic is traversing the SRX twice.
# The number of sessions would reduce.
# In short, the overall efficiency of the SRX would reduce, as for the SRX the traffic is doubled.
# It may work, but Juniper doesn't support NAT on policy-based VPNs, so JTAC will not be able to move ahead on this issue.
Regards
Hemant