FortiGate
Article Id 395417
Description This article describes how to resolve the 'IKEv2: unexpected payload type 41' error seen in IKE debugs while troubleshooting a Dial-Up IPsec VPN with IKEv2.
Scope FortiGate, FortiClient macOS.
Solution

When troubleshooting a Dial-Up IPsec VPN with IKEv2, the following error is seen in the IKE debugs:

ike V=root:0:IPsec-Home-W:17: responder received EAP msg
ike V=root:0:IPsec-Home-W:17: unexpected payload type 41
ike V=root:0:IPsec-Home-W:17: schedule delete of IKE SA de9a206cc7d94ad0/957aa4c9698f726b
ike V=root:0:IPsec-Home-W:17: scheduled delete of IKE SA de9a206cc7d94ad0/957aa4c9698f726b
ike V=root:0:IPsec-Home-W: connection expiring due to phase1 down

The following IKE debug commands can be run to troubleshoot Dial-Up IPsec VPN issues:

diagnose vpn ike log-filter clear
diagnose vpn ike log-filter dst-addr4 x.x.x.x <----- Replace x.x.x.x with the public IP of the test user's PC.
diagnose debug application ike -1

diagnose debug application fnbamd -1 <----- Enable this to check for any authentication issue.
diagnose debug console timestamp enable
diagnose debug enable

To stop the debugs:

diagnose debug disable
diagnose debug reset

Note:
Starting from v7.4.1, the 'diagnose vpn ike log-filter dst-addr4' command has been changed to 'diagnose vpn ike log filter rem-addr4'.


This issue was reported with FortiClient macOS 14 and 15. To resolve it, check the preshared key on both sides (FortiGate and FortiClient) and make sure that it is the same on both.


ISAKMP payload type 41 is 'Notify'. This payload has different sub-types (notify message types). When the preshared key does not match, macOS FortiClient sends a 'Notify type 24 (AUTHENTICATION_FAILED)'.
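As an added illustration that is not part of the article, the Python below walks an IKEv2 payload chain and decodes the Notify payload, so the two numbers in the debug output map to concrete bytes: payload type 41 is Notify and notify message type 24 is AUTHENTICATION_FAILED (values from RFC 7296). The sample bytes are constructed, not captured from FortiClient.

```python
import struct

# IKEv2 payload type numbers (RFC 7296, section 3.2).
PAYLOAD_NAMES = {
    33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 37: "CERT", 38: "CERTREQ",
    39: "AUTH", 40: "Nonce", 41: "Notify", 42: "Delete", 43: "Vendor ID",
    44: "TSi", 45: "TSr", 46: "SK", 47: "CP", 48: "EAP",
}
# Notify message types (RFC 7296, section 3.10.1).
NOTIFY_NAMES = {
    1: "UNSUPPORTED_CRITICAL_PAYLOAD", 7: "INVALID_SYNTAX",
    14: "NO_PROPOSAL_CHOSEN", 17: "INVALID_KE_PAYLOAD",
    24: "AUTHENTICATION_FAILED", 38: "TS_UNACCEPTABLE",
}

def parse_payloads(first_type, data):
    """Walk an IKEv2 payload chain whose first payload has type `first_type`.
    Generic header: Next Payload (1), Critical+reserved (1), Length (2, incl. header).
    Returns one dict per payload; Notify (41) entries also carry the notify type.
    """
    found, ptype, off = [], first_type, 0
    while ptype != 0:  # 0 = "no next payload"
        if off + 4 > len(data):
            raise ValueError("truncated payload header at offset %d" % off)
        next_type, flags, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError("bad payload length %d at offset %d" % (length, off))
        entry = {"type": ptype, "name": PAYLOAD_NAMES.get(ptype, "unknown"),
                 "critical": bool(flags & 0x80)}
        if ptype == 41 and length >= 8:
            # Notify body: Protocol ID (1), SPI Size (1), Notify Msg Type (2), SPI
            _proto, spi_size, ntype = struct.unpack_from("!BBH", data, off + 4)
            entry["notify_type"] = ntype
            entry["notify_name"] = NOTIFY_NAMES.get(ntype, "unknown")
            entry["spi"] = data[off + 8:off + 8 + spi_size]
        found.append(entry)
        ptype, off = next_type, off + length
    return found

def auth_failed(payloads):
    """True if the chain carries Notify type 24 (AUTHENTICATION_FAILED)."""
    return any(p["type"] == 41 and p.get("notify_type") == 24 for p in payloads)

# Constructed sample (not captured traffic): a lone Notify payload with no SPI and
# no data: next=0, flags=0, length=8, proto=0, spi_size=0, type=24 (0x0018).
SAMPLE_NOTIFY = bytes([0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x18])
# Same Notify preceded by a minimal EAP payload (type 48, next=41, length 8,
# EAP Response code 2, id 1, EAP length 4), as a two-payload chain.
SAMPLE_CHAIN = bytes([0x29, 0x00, 0x00, 0x08, 0x02, 0x01, 0x00, 0x04]) + SAMPLE_NOTIFY
```

In a live IKE_AUTH exchange these payloads travel inside the encrypted SK payload, which is why the Notify is only visible in the IKE daemon's debug output rather than in a plain packet capture.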