Which of the following statements are correct concerning IPsec dialup VPN configurations for FortiGate devices? (Choose two)
A. Main mode mist be used when there is no more than one IPsec dialup VPN configured on the same FortiGate device.
B. A FortiGate device with an IPsec VPN configured as dialup can initiate the tunnel connection to any remote IP address.
C. Peer ID must be used when there is more than one aggressive-mode IPsec dialup VPN on the same FortiGate device.
D. The FortiGate will automatically add a static route to the source quick mode selector address received from each remote peer.
CD
CD is OK.
A is OK when “mist”=my
A is WRONG when “mist”=must
D is not true. You need additional CLI config for that.
A,C is True
Although Main mode is more secure, you must select Aggressive mode if there is more than one dialup Phase 1 configuration for the interface IP address, and the remote VPN peer or client is authenticated using an identifier local ID
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-ipsecvpn-54/Phase_1/Choosing_Main_Aggressive.htm
CD
A,C