SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Terminating VPN on loopback- Possible ?

    Posted 12-05-2011 08:00

    I'm configuring an SRX-650 cluster offline to replace our aging edge equipment and want to terminate some site-to-site VPNs on a loopback.

    I need to know how the security -> ike -> gateway -> external-interface command really works. Can I set this to lo0.0 and let routing send the traffic to the current default route?

    I have dual ISPs and am running BGP getting default route only. I need the VPNs to go to the appropriate reth interface depending on which is the active ISP. One has 10x the bandwidth of the other, so I do not want to load balance.

    Any help would be appreciated.



  • 2.  RE: Terminating VPN on loopback- Possible ?

    Posted 12-05-2011 08:13

    A workaround for configuring a VPN, with the loopback IP as the gateway, is to configure the loopback interface and the external physical interface as part of the same security zone.



  • 3.  RE: Terminating VPN on loopback- Possible ?
    Best Answer

    Posted 12-05-2011 11:39

    Yes, you can terminate VPNs on loopback interfaces.

    The "external-interface" is used for the Peer-ID in the IKE negotiation; it will send the IP of the "external-interface" as the local Peer ID.

    Just make sure you have the host-inbound-traffic/system-services configured on the loopback to allow IKE, and probably ping, if you want to use DPD, though there's been some back-and-forth about how that actually works. Also, if your loopback interface is in the same zone as the physical interface which traffic will be arriving/departing on, you'll need an intra-zone security policy to pass the traffic between the interfaces within the same zone.
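The following Junos set-style configuration is an added example illustrating the approach described in replies 2 and 3; it is not configuration from any poster. It puts lo0.0 and the active ISP-facing reth0.0 in the same security zone, enables ike and ping as host-inbound services on both (the host-inbound check applies to the interface the packet actually arrives on, so the reth interface needs it as well as lo0), points the IKE gateway's external-interface at lo0.0 so the loopback address becomes the local peer ID and IKE source, and lets the BGP-learned default route choose the outgoing reth interface. The addresses (203.0.113.1 for the loopback, 198.51.100.10 for the remote peer, 10.20.0.0/16 behind the peer), zone and object names, and the pre-shared-key placeholder are all constructed for the example.

```junos
# Loopback that owns the VPN endpoint address (constructed address)
set interfaces lo0 unit 0 family inet address 203.0.113.1/32

# Route-based VPN: secure tunnel interface the IPsec SA is bound to
set interfaces st0 unit 0 family inet

# Loopback and the ISP-facing reth interface share the untrust zone;
# IKE (UDP 500) and ping (for DPD) must be host-inbound on both,
# because the check is made against the ingress interface.
set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic system-services ike
set security zones security-zone untrust interfaces reth0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic system-services ike
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic system-services ping

# st0.0 sits in its own zone so policies between trust and the tunnel stay explicit
set security zones security-zone vpn interfaces st0.0

# IKE phase 1: standard proposal set, replace the placeholder PSK before use
set security ike policy ike-pol mode main
set security ike policy ike-pol proposal-set standard
set security ike policy ike-pol pre-shared-key ascii-text "REPLACE-WITH-STRONG-PSK"

# The gateway's external-interface is the loopback, so 203.0.113.1 is used
# as the local peer ID and as the source address of IKE packets.
set security ike gateway gw-siteA ike-policy ike-pol
set security ike gateway gw-siteA address 198.51.100.10
set security ike gateway gw-siteA external-interface lo0.0
set security ike gateway gw-siteA dead-peer-detection interval 10
set security ike gateway gw-siteA dead-peer-detection threshold 3

# IKE phase 2 / IPsec, bound to st0.0
set security ipsec policy ipsec-pol proposal-set standard
set security ipsec vpn vpn-siteA bind-interface st0.0
set security ipsec vpn vpn-siteA ike gateway gw-siteA
set security ipsec vpn vpn-siteA ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-siteA establish-tunnels immediately

# Intra-zone policy, as reply 3 describes, limited to the IKE and ping
# traffic that moves between the loopback and the physical interface
set security policies from-zone untrust to-zone untrust policy lo0-ike-dpd match source-address any
set security policies from-zone untrust to-zone untrust policy lo0-ike-dpd match destination-address any
set security policies from-zone untrust to-zone untrust policy lo0-ike-dpd match application junos-ike
set security policies from-zone untrust to-zone untrust policy lo0-ike-dpd match application junos-icmp-ping
set security policies from-zone untrust to-zone untrust policy lo0-ike-dpd then permit

# Remote site's network is reached through the tunnel interface.
# No static route is set for the peer itself: the BGP default route
# decides which reth interface carries the encrypted traffic, so a
# failover to the other ISP moves the VPN with it.
set routing-options static route 10.20.0.0/16 next-hop st0.0
```

After committing, `show security ike security-associations` and `show security ipsec security-associations` confirm the SAs, and `show security ike security-associations detail` shows the local address as 203.0.113.1 regardless of which reth interface the packets leave on. The peer must be configured to accept 203.0.113.1 as the remote gateway address and peer ID; if the loopback address is not routable from the peer through whichever ISP is active, phase 1 will never complete.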