If the sensor continuously sees the same alert coming from the same host, and that alert is set up to be blocked, then it'll keep adding the shun command to the PIX constantly, that could be why you're seeing it in there for so long.
Check your IDS logs, do they show a number of alerts from this shunned host, and do you see that number of alerts incrementing steadily?
You can also check the /usr/nr/var/log.$DATETIME and search for "shun" entries, this'll tell you how often the sensor has shunned that host on the PIX. If you see regular shun entries then that'd explain it. If you see only one then that shun entry has probably gotten stuck, perhaps the sensor lost connectivity with the PIX 15 hours and 45 minutes ago and the entry has been left there.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...