FortiClient stuck at connecting status, when checking the ports 500 and 4500, notice it is being used by svchost.exe IKEEXT service as shown below:

The most effective and common solution is to disable the Windows IPSec service, which frees up the ports for the VPN client, and turn it back on later if needed.

1. Open the Run dialog by pressing Win + R.
2. Type services.msc and press Enter. This opens the Services management console.
3. In the list of services, find IPSec Policy Agent. On newer versions of Windows 10/11, it might be called: IKE and AuthIP IPsec Keying Modules.
4. Double-click on the service to open its properties.
5. Select the Stop button to stop the service immediately.
6. In the Startup type dropdown menu, change it to Disabled. This prevents it from starting automatically on the next boot and causing the conflict again.

7. Select Apply and then OK.
8. Try to connect VPN again.

Note:

Changing the default IPsec port on both FortiClient and FortiGate can be another workaround for this issue.