Troubleshooting Tip: RDP does not work via IPsec Dial-up connection after upgrading to Windows 11 - Ping still works fine

Umer221 · ‎12-29-2023

Description

This article provides a solution to an issue where RDP between Windows 11 PC connected via IPsec Dial-up fails while the rest of the services such as ping work fine. Issue is not observed between the devices running on older versions of Windows.

Scope

Windows 11, FortiOS, FortiGate, IPsec Dial-up.

Solution

The following error appears during an RDP attempt:

Navigate to 'Log & Report -> Forward Traffic', and filter for the traffic specific to RDP. Here, the following error will appear: Policy Action - Accept: session timeout.

First, make sure that IPsec dial-up is configured properly by following the instructions in: Technical Tip: IPSec dial-up full tunnel with FortiClient.
If all the above configuration matches, then test if the rest of the services such as ping are working fine except for RDP between the devices running on Windows 11.
Verify if RDP is working fine between the devices running on older versions of Windows, such as Windows 10, Windows 8, or Windows 7.
If all of the above symptoms match, go to the policy that is created for IPsec dial-up connection according to the article mentioned in step 1, and disable NAT for that policy. This should resolve issues for RDP between Windows 11 devices.