+1
On FortiGate you can specify "local-gw" and "remote-gw" for the IPSEC phase1, this gives you quite a bit of flexibility on devices with multiple IP addresses allowing you to terminate/originate a tunnel to a specific IP but not others.
Example config from Fortigate:
config vpn ipsec phase1
edit "P1-SupplierVPN"
set interface "port1"
set local-gw 10.98.50.1
set dhgrp 2
set keylife 86400
set proposal 3des-sha1
set remote-gw 26.43.2.70
set psksecret ENC #######
next
Also, I know the Mikrotik guys laugh about how many times I have requested this, but PLEASE add Virtual Tunnel Interfaces to IPSEC, and finish off xauth-RADIUS support so its actually useful