Chapter 11 IPsec VPN for FortiOS 5.0 : Auto Key phase 1 parameters : Choosing main mode or aggressive mode
  
Choosing main mode or aggressive mode
The FortiGate unit and the remote peer or dialup client exchange phase 1 parameters in either Main mode or Aggressive mode. This choice does not apply if you use IKE version 2, which is available only for route-based configurations.
In Main mode, the phase 1 parameters are exchanged in multiple rounds with encrypted authentication information
In Aggressive mode, the phase 1 parameters are exchanged in single message with authentication information that is not encrypted.
Although Main mode is more secure, you must select Aggressive mode if there is more than one dialup phase 1 configuration for the interface IP address, and the remote VPN peer or client is authenticated using an identifier local ID). Descriptions of the peer options in this guide indicate whether Main or Aggressive mode is required.