IPSEC VPN建立不成功

bocaccio

想通过IPSEC VPN实现两个网络的通信，但是VPN一直建立不起来，提示如下：
00:20:42: %OSPF-5-ADJCHG: Process 2, Nbr 56.10.17.1 on Tunnel23 from LOADING to FULL, Loading Done
%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of 23 65E900C0 - looped chain attempting to stack
%TUN-5-RECURDOWN: 23 temporarily disabled due to recursive routing
%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of 23 65E900C0 - looped chain attempting to stack
%TUN-5-RECURDOWN: 23 temporarily disabled due to recursive routing
%LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel23, changed state to down
%ADJ-5-PARENT: Midchain parent maintenance for IP midchain out of 23 65E900C0 - looped chain attempting to stack
%TUN-5-RECURDOWN: 23 temporarily disabled due to recursive routing
00:20:47: %OSPF-5-ADJCHG: Process 2, Nbr 56.10.17.1 on Tunnel23 from FULL to DOWN, Neighbor Down: Interface down or detached
不知道这是什么意思。求各位大神分析一下。

两个路由配置如下：
R1#sh run  

hostname R1

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 5

crypto isakmp key test123 address 56.10.17.1
crypto ipsec transform-set Phase2 esp-des esp-md5-hmac

crypto map map1 10 ipsec-isakmp
set peer 56.123.9.1
set transform-set Phase2
match address 100

interface Tunnel23

ip address 56.123.9.13 255.255.255.252
tunnel source FastEthernet0/0
tunnel destination 56.123.9.1

interface FastEthernet0/0

ip address 56.10.17.1 255.255.255.252
duplex auto
speed auto
crypto map map1

interface FastEthernet0/1

ip address 192.168.1.254 255.255.255.0

router ospf 2

router-id 56.10.17.1

log-adjacency-changes

redistribute connected subnets

network 56.123.9.12 0.0.0.3 area 0

ip route 0.0.0.0 0.0.0.0 56.10.17.2

access-list 100 permit gre host 56.0.17.1 host 56.123.9.1

*************************************************************************************

R3#sh run

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 5

crypto isakmp key test123 address 56.10.17.1

crypto ipsec transform-set Phase2 esp-des esp-md5-hmac

crypto map map1 10 ipsec-isakmp

set peer 56.10.17.1

set transform-set Phase2

match address 100

interface Tunnel23

ip address 56.123.9.14 255.255.255.252

tunnel source FastEthernet0/0

tunnel destination 56.10.17.1

interface FastEthernet0/0

ip address 56.123.9.1 255.255.255.248

crypto map map1

interface FastEthernet0/1

ip address 192.168.2.254 255.255.255.0

router ospf 2

router-id 56.123.9.1

log-adjacency-changes

redistribute static subnets

network 56.123.9.12 0.0.0.3 area 0

ip route 0.0.0.0 0.0.0.0 56.123.9.2

access-list 100 permit gre host 56.23.9.1 host 56.10.17.1