FortiGate
GiannisChari
Staff
Article Id 392490
Description This article analyzes why split-tunnel does not work for the macOS native dial-up VPN client with the default Mac settings.
Scope FortiGate, macOS.
Solution

ISAKMP is the protocol used to negotiate the tunnel for dial-up IPsec. After the first exchange, in which the encryption algorithms are negotiated (SA_INIT), the client sends the message IKE_AUTH MID=01, which contains a field listing the configuration attributes it is capable of handling.

The following image is an example of a dial-up tunnel with FortiClient on Windows (decrypted):

[Image: Windows_dial_up.png]

In this case, the client informs FortiGate that it accepts the INTERNAL_IP4_SUBNET attribute. FortiGate uses this attribute to push the split tunnel routes to the endpoint.

This is an image of the reply from the FortiGate side in message IKE_AUTH MID=05:

[Image: winwin.png]

And this is the routing table of the endpoint after the connection:

[Image: endpaa.png]

On macOS, the native dial-up client does not send INTERNAL_IP4_SUBNET in its first IKE_AUTH message, and as a result the tunnel defaults to full tunnel instead of split tunnel. Here is an example from macOS (decrypted):

[Image: sbs.png]

Note:

In the case of a split-tunnel configuration with the macOS/iOS native client, the attribute useConfigurationAttributeInternalIPSubnet must be set to the value TRUE in the client's VPN configuration (the default is FALSE) so that FortiGate communicates the split tunnel routes to the client.
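As an added diagnostic example (not part of this article or of any Fortinet or Apple code), the following Python parses a decrypted IKEv2 Configuration payload body, reports whether the client's CFG_REQUEST lists INTERNAL_IP4_SUBNET (the check that distinguishes the Windows FortiClient capture from the macOS native one above), and decodes the subnets carried in a FortiGate CFG_REPLY into the routes the endpoint installs. The attribute numbers and layout follow RFC 7296 section 3.15; the sample payload bytes are constructed for the example and are not taken from the captures shown.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

# Configuration payload body (RFC 7296 §3.15): 1-byte CFG type, 3 reserved bytes,
# then attributes: 2-byte type (top bit reserved), 2-byte length, value.
CFG_REQUEST, CFG_REPLY = 1, 2
INTERNAL_IP4_ADDRESS, INTERNAL_IP4_DNS, INTERNAL_IP4_SUBNET = 1, 3, 13


def parse_cfg(payload: bytes):
    """Return (cfg_type, [(attr_type, value_bytes), ...]); raise on malformed lengths."""
    if len(payload) < 4:
        raise ValueError("truncated Configuration payload header")
    attrs, off = [], 4
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated attribute header")
        atype, alen = struct.unpack_from("!HH", payload, off)
        off += 4
        if off + alen > len(payload):
            raise ValueError("attribute length exceeds payload")
        attrs.append((atype & 0x7FFF, payload[off:off + alen]))  # strip reserved bit
        off += alen
    return payload[0], attrs


def client_accepts_split_routes(cfg_request: bytes) -> bool:
    """True when the client's CFG_REQUEST advertises INTERNAL_IP4_SUBNET."""
    cfg_type, attrs = parse_cfg(cfg_request)
    return cfg_type == CFG_REQUEST and any(t == INTERNAL_IP4_SUBNET for t, _ in attrs)


def split_routes_from_reply(cfg_reply: bytes):
    """Decode each INTERNAL_IP4_SUBNET (4-byte address + 4-byte mask) in a CFG_REPLY."""
    cfg_type, attrs = parse_cfg(cfg_reply)
    if cfg_type != CFG_REPLY:
        raise ValueError("not a CFG_REPLY")
    return [str(IPv4Network(f"{IPv4Address(v[:4])}/{IPv4Address(v[4:])}", strict=False))
            for t, v in attrs if t == INTERNAL_IP4_SUBNET and len(v) == 8]


def attr(atype: int, value: bytes = b"") -> bytes:
    """Encode one configuration attribute (empty value = request without a proposal)."""
    return struct.pack("!HH", atype, len(value)) + value


# Constructed sample payloads modelled on the article's description (not real capture bytes).
WINDOWS_REQUEST = bytes([CFG_REQUEST, 0, 0, 0]) + attr(INTERNAL_IP4_ADDRESS) + attr(INTERNAL_IP4_DNS) + attr(INTERNAL_IP4_SUBNET)
MACOS_REQUEST = bytes([CFG_REQUEST, 0, 0, 0]) + attr(INTERNAL_IP4_ADDRESS) + attr(INTERNAL_IP4_DNS)
FORTIGATE_REPLY = (bytes([CFG_REPLY, 0, 0, 0]) + attr(INTERNAL_IP4_ADDRESS, bytes([10, 212, 134, 200]))
                   + attr(INTERNAL_IP4_SUBNET, bytes([192, 168, 1, 0, 255, 255, 255, 0]))
                   + attr(INTERNAL_IP4_SUBNET, bytes([172, 16, 0, 0, 255, 255, 0, 0])))

if __name__ == "__main__":
    print("Windows FortiClient requests split routes:", client_accepts_split_routes(WINDOWS_REQUEST))
    print("macOS native client requests split routes:", client_accepts_split_routes(MACOS_REQUEST))
    print("routes pushed in CFG_REPLY:", split_routes_from_reply(FORTIGATE_REPLY))
```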