Client VPN IPSEC with FortiClient fail

Question

Hi at all,I create a VPN IPSEC for FortiClient:And this is the client configuration:But the connection fail every time I have enabled the debug log:ike 0: comes ClientIP:1011->FortiGateIPWAN:500,ifindex=8,vrf=0....ike 0: IKEv1 exchange=Aggressive id=2b2bdae897a15850/0000000000000000 len=508 vrf=0ike 0: in 2B2BDAE897A1585000000000000000000110040000000000000001FC04000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C49C29F77BADE5D43553C169BA2D54B30BB02C97B23EFFD1A8E6B53C663533F691F737045EBEE9F10483E173BAFFBA1EBED566AA0A81BF0EADB45B86D183F5839598F7B2FD23CAB766B358B537275DEDDE52A0CF4CAC22E0A84039FD27F15ED1D45D97CC0F46296A4C0B3461D509C1E74FC92A427AC11A48DFFAA82F85F7D54B9C64B066B072DE2100BFF3045364E54C57D07F50E0009BF4342A6DFB6EFA3C1A339D201E1D4893C598DB9E6A37BB7BC3E080B2BF16B1A6E0CB7331CCD4E6C3751405000014857E578C3B498EF7A50D38306E30A8C50D00000C01000000C0A86F6A0D00001412F5F28C457168A9702D9FE274CC01000D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144C53427B6D465D1B337BB755A37A7FEF00000014B4F01CA951E9DA8D0BAFBBD34AD3044Eike 0:2b2bdae897a15850/0000000000000000:7007: responder: aggressive mode get 1st message...ike 0:2b2bdae897a15850/0000000000000000:7007: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100ike 0:2b2bdae897a15850/0000000000000000:7007: VID RFC 3947 4A131C81070358455C5728F20E95452Fike 0:2b2bdae897a15850/0000000000000000:7007: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448ike 0:2b2bdae897a15850/0000000000000000:7007: VID draft-ietf-ipsec-nat-t-ike-02
 90CB80913EBB696E086381B5EC427B1Fike 0:2b2bdae897a15850/0000000000000000:7007: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712ike 0:2b2bdae897a15850/0000000000000000:7007: VID DPD AFCAD71368A1F1C96B8696FC77570100ike 0:2b2bdae897a15850/0000000000000000:7007: VID forticlient connect license 4C53427B6D465D1B337BB755A37A7FEFike 0:2b2bdae897a15850/0000000000000000:7007: VID Fortinet Endpoint Control B4F01CA951E9DA8D0BAFBBD34AD3044Eike 0::7007: peer identifier IPV4_ADDR 192.168.111.106ike 0: IKEv1 Aggressive, comes ClientIP:1011->FortiGateIPWAN 8ike 0:2b2bdae897a15850/0000000000000000:7007: negotiation resultike 0:2b2bdae897a15850/0000000000000000:7007: proposal id = 1:ike 0:2b2bdae897a15850/0000000000000000:7007: protocol id = ISAKMP:ike 0:2b2bdae897a15850/0000000000000000:7007: trans_id = KEY_IKE.ike 0:2b2bdae897a15850/0000000000000000:7007: encapsulation = IKE/noneike 0:2b2bdae897a15850/0000000000000000:7007: type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256ike 0:2b2bdae897a15850/0000000000000000:7007: type=OAKLEY_HASH_ALG, val=SHA2_256.ike 0:2b2bdae897a15850/0000000000000000:7007: type=AUTH_METHOD, val=PRESHARED_KEY.ike 0:2b2bdae897a15850/0000000000000000:7007: type=OAKLEY_GROUP, val=MODP1536.ike 0:2b2bdae897a15850/0000000000000000:7007: ISAKMP SA lifetime=86400ike 0:2b2bdae897a15850/0000000000000000:7007: SA proposal chosen, matched gateway IPSEC Siteike 0:IPSEC Site: created connection: 0x8a93f90 8 FortiGateIPWAN->ClientIP:1011.ike 0:IPSEC Site: HA start as masterike 0:IPSEC Site:7007: DPD negotiatedike 0:IPSEC Site:7007: XAUTHv6 negotiatedike 0:IPSEC Site:7007: peer supports UNITYike 0:IPSEC Site:7007: enable FortiClient license checkike 0:IPSEC Site:7007: enable FortiClient endpoint compliance check, use 169.254.1.1ike 0:IPSEC Site:7007: selected NAT-T version: RFC 3947ike 0:IPSEC Site:7007: cookie 2b2bdae897a15850/49b30d437196aa60ike 0:IPSEC Site:7007: ISAKMP SA 2b2bdae897a15850/49b30d437196aa60 key 32:535E22C25C951B195F4E010D9B549FBF58CF32044CA6EC6D588076F7C961A751ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000ike 0:IPSEC Site:7007: sent IKE msg (agg_r1send): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000ike 0:IPSEC Site:7007: sent IKE msg (P1_RETRANSMIT): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60ike 0: comes ClientIP:1011->FortiGateIPWAN:500,ifindex=8,vrf=0....ike 0: IKEv1 exchange=Aggressive id=2b2bdae897a15850/0000000000000000 len=508 vrf=0ike 0: in 2B2BDAE897A1585000000000000000000110040000000000000001FC04000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C49C29F77BADE5D43553C169BA2D54B30BB02C97B23EFFD1A8E6B53C663533F691F737045EBEE9F10483E173BAFFBA1EBED566AA0A81BF0EADB45B86D183F5839598F7B2FD23CAB766B358B537275DEDDE52A0CF4CAC22E0A84039FD27F15ED1D45D97CC0F46296A4C0B3461D509C1E74FC92A427AC11A48DFFAA82F85F7D54B9C64B066B072DE2100BFF3045364E54C57D07F50E0009BF4342A6DFB6EFA3C1A339D201E1D4893C598DB9E6A37BB7BC3E080B2BF16B1A6E0CB7331CCD4E6C3751405000014857E578C3B498EF7A50D38306E30A8C50D00000C01000000C0A86F6A0D00001412F5F28C457168A9702D9FE274CC01000D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144C53427B6D465D1B337BB755A37A7FEF00000014B4F01CA951E9DA8D0BAFBBD34AD3044Eike 0:IPSEC Site:7007: retransmission, re-send last messageike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000ike 0:IPSEC Site:7007: sent IKE msg (retransmit): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60ike 0: comes ClientIP:1011->FortiGateIPWAN:500,ifindex=8,vrf=0....ike 0: IKEv1 exchange=Aggressive id=2b2bdae897a15850/0000000000000000 len=508 vrf=0ike 0: in 2B2BDAE897A1585000000000000000000110040000000000000001FC04000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C49C29F77BADE5D43553C169BA2D54B30BB02C97B23EFFD1A8E6B53C663533F691F737045EBEE9F10483E173BAFFBA1EBED566AA0A81BF0EADB45B86D183F5839598F7B2FD23CAB766B358B537275DEDDE52A0CF4CAC22E0A84039FD27F15ED1D45D97CC0F46296A4C0B3461D509C1E74FC92A427AC11A48DFFAA82F85F7D54B9C64B066B072DE2100BFF3045364E54C57D07F50E0009BF4342A6DFB6EFA3C1A339D201E1D4893C598DB9E6A37BB7BC3E080B2BF16B1A6E0CB7331CCD4E6C3751405000014857E578C3B498EF7A50D38306E30A8C50D00000C01000000C0A86F6A0D00001412F5F28C457168A9702D9FE274CC01000D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144C53427B6D465D1B337BB755A37A7FEF00000014B4F01CA951E9DA8D0BAFBBD34AD3044Eike 0:IPSEC Site:7007: retransmission, re-send last messageike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000ike 0:IPSEC Site:7007: sent IKE msg (retransmit): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60ike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000ike 0:IPSEC Site:7007: sent IKE msg (P1_RETRANSMIT): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60ike 0: comes ClientIP:1011->FortiGateIPWAN:500,ifindex=8,vrf=0....ike 0: IKEv1 exchange=Aggressive id=2b2bdae897a15850/0000000000000000 len=508 vrf=0ike 0: in 2B2BDAE897A1585000000000000000000110040000000000000001FC04000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C49C29F77BADE5D43553C169BA2D54B30BB02C97B23EFFD1A8E6B53C663533F691F737045EBEE9F10483E173BAFFBA1EBED566AA0A81BF0EADB45B86D183F5839598F7B2FD23CAB766B358B537275DEDDE52A0CF4CAC22E0A84039FD27F15ED1D45D97CC0F46296A4C0B3461D509C1E74FC92A427AC11A48DFFAA82F85F7D54B9C64B066B072DE2100BFF3045364E54C57D07F50E0009BF4342A6DFB6EFA3C1A339D201E1D4893C598DB9E6A37BB7BC3E080B2BF16B1A6E0CB7331CCD4E6C3751405000014857E578C3B498EF7A50D38306E30A8C50D00000C01000000C0A86F6A0D00001412F5F28C457168A9702D9FE274CC01000D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000144C53427B6D465D1B337BB755A37A7FEF00000014B4F01CA951E9DA8D0BAFBBD34AD3044Eike 0:IPSEC Site:7007: retransmission, re-send last messageike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000ike 0:IPSEC Site:7007: sent IKE msg (retransmit): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60ike shrank heap by 151552 bytesike 0:IPSEC Site:7007: out 2B2BDAE897A1585049B30D437196AA6001100400000000000000022C0400003C000000010000000100000030010100010000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050A0000C468EBC33F1E5857238C2491545E4FE635CDEB9F8DE143623DB06E1CA08813C2F14986B7E8C81B6C6DADE1BBE3953F81D9EF3140C8982B16696AB4F1C86B31FB633421C20541A01ACB4F3429109C1207129A31944B9288D341BE07FE01C24772E61214C766DDB7488398AF9D28E7141F90992312EB84C29BF1ED4726956CB73C2BC5332FA37AEA9DC4E752EEA4ADDE761553ADF618947A698CE2EDFC32487FF4DDC25EEEFCE206CDD5937C42D98489C6E0D2FAD82EEC9ED5846573D642D3537065050000147616D8589E4597D6F8DD9A2FF22A74490800000C0100000002288B2E0D000024E03933F382B824F526C1DD54FFCF82F3443B4EFA5CEA1BC23D767B169F480EAA140000144A131C81070358455C5728F20E95452F14000024F74CB0A6379FC89D4C1470D89F6D025D0DB85E4418A20F2EF909E16A09E407950D000024F30297B8E2F05C8FF7767E1C186E8C10ECB6E51EFF56A92642CA1FAD5C49C60B0D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00000000ike 0:IPSEC Site:7007: sent IKE msg (P1_RETRANSMIT): FortiGateIPWAN:500->ClientIP:1011, len=556, vrf=0, id=2b2bdae897a15850/49b30d437196aa60ike shrank heap by 4096 bytesike 0:IPSEC Site:7007: negotiation timeout, deletingike 0:IPSEC Site: connection expiring due to phase1 downike 0:IPSEC Site: deletingike 0:IPSEC Site: deleted  I tried with two different clients connection with the same result, and the client are not behind firewall. I cannot identify the problem, so i ask helpThank you

ezhupa · Accepted Answer

Hello Albimatta,

It seems that your scenario matches an issue on another forum post:
https://community.fortinet.com/t5/Support-Forum/Can-t-connect-to-IPsec-VPN-in-Windows-11/m-p/204876
It looks to be a Windows 11 Ethernet driver issue. Try downgrading to Win10 Realtek 10.54 driver version.
Realtek PCIe FE / GBE / 2.5G / Gaming Ethernet Family Controller Software - REALTEK

It seems that this solution has helped other community members solve a similar issue to yours.
Give it a try and let us know if that same solution works for you also.

ezhupa · Answer

Hello Albimatta,

From the debug you have added it seems that Phase2 is not being established and FCT is not responding to the packets FGT is sending. FGT receives no reply and when the negotiation timeouts has no choice but to flush the tunnel.
Are you using the free version of FortiClient?
What version are you using?
Can you also share phase2 settings on the FCT side?
Is there any error observed on the FCT when you try to connect?

Are you using Windows10/11?
I would suggest trying a different version of FCT and maybe reinstalling it.

You could also try to reconfigure the tunnel following the below KB if no documentation was followed:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-dial-up-full-tunnel-with-FortiClient/ta-p/189452

Hope this helps.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded