Chapter 11 IPsec VPN for FortiOS 5.0 : Auto Key phase 1 parameters : Authenticating remote peers and clients
  
Authenticating remote peers and clients
Certificates or pre-shared keys restrict who can access the VPN tunnel, but they do not identify or authenticate the remote peers or dialup clients. You have the following options for authentication:
Table 73: Methods of authenticating remote VPN peers
Certificates or Pre-shared key
Local ID
User account pre-shared keys
Reference
Certificates
 
 
See “Enabling VPN access for specific certificate holders”
Either
X
 
See “Enabling VPN access by peer identifier”
Pre-shared key
 
X
See “Enabling VPN access with user accounts and pre-shared keys”
Pre-shared key
X
X
See “Enabling VPN access with user accounts and pre-shared keys”
For authentication of users of the remote peer or dialup client device, see “Using XAuth authentication”.