I have a IPSec VPN setup between a 2910VG ans 2820, all connects and runs fine except that the VPN drops and then connects every hour.

The 2910 dials out to the 2820 so I have 'Always On' checked and 'Enable ping to keep alive' on the 2910 and on the 2820 I've set 'Idle Timeout 0'.

Any thoughts as to why it does this and is there a solution?
Thanks.

Have you checked your Key Lifes at each end? I think it is in the advanced section of the LAN-LAN IPSec set up. Make sure they match.

Yes, running in aggressive mode.
IKE phase 1 key lifetime = 86400
IKE phase 2 key lifetime = 3600
PFS to Disable.

Not sure what else to check.

I'm not sure what to check either. It may be worth looking at firmware updates and see what has changed recently.

You should not need the ping to keep alive.

As a side issue, for security, I'd disable aggressive mode and enable PFS. Any reason why you have chosen the other way round?

I'm using Aggressive as the connection is from a dynamic IP to a static also slightly faster connection. I've changed the IKE phase 2 Key Lifetime to 43200 (12 hours) and so far the connection has held up.

themonk wrote: I'm using Aggressive as the connection is from a dynamic IP to a static also slightly faster connection.

.... at the expense of security. Dynamic to Static does not need agressive mode. Also if you manage to fix the problem your connection should be rock solid so the speed which you make the connection becomes pretty irrelevant.

I've changed the IKE phase 2 Key Lifetime to 43200 (12 hours) and so far the connection has held up.

Probably just delaying the inevitable. Also security ........

Which revisions of firmware are using?