ANSWER:

Did you find a solution to this? I have the same problem. The side that gets stuck in “rekey” is running 8.2(5) and the remote end is running 8.4(2)8. In our case, both sides are on a somewhat unreliable (high jitter, occasional dropped packets) wireless internet connection, so I assumed that was related. Also, the remote end still shows a valid SA (MM_Active) when the issue occurs.

I just tried adding a keepalive at the remote end to see if that helps since that end thinks that the connection is still up.

Let me know if that helps or if you have already found a solution.

Matt from http://serverfault.com/questions/382636