Final piece of data. Do a "show switches" on both controllers, and check both boxes are shown referencing the 192.168.25.x addresses. If they're not, take out the 10.10.10.x addresses (and reboot), as they're "down" and it looks like you're not using them?
It might be that the controllers believe their seed addresses are the 10.10.10.x ones, as you haven't set loopbacks.
If not...
This genuinely looks like a layer 2 VLAN break for VLAN 23 between the controllers, which look attached on ports 1/5 at each end.
Question. Is it physically feasible to...
Disconnect your ports 1/5 on both, set another port (for example 1/6 as switchport access vlan 25), then connect those two interfaces directly just to test? If you can, and it works, you DEFINITELY have a VLAN break across the switches. If it doesn't, the other comment is right regarding your IPSEC settings. If it's that, and all keys match, reboot both boxes. If that doesn't work, log it with TAC?