Уважаемые коллеги, прошу помочь.

В самой Cisco пинги идут до других, с других тоже идут, а вот на сервера центра нет. Где моя ошибка?

*************************** ХАБ ******************************
Код:

vl-rib-hub#SH IP ROUTE
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is *** to network 0.0.0.0

D    192.168.8.0/24 [90/26882560] via 192.168.111.88, 1d00h, Tunnel0
D    192.168.9.0/24 [90/26882560] via 192.168.111.90, 1d00h, Tunnel0
C    192.168.111.0/24 is directly connected, Tunnel0
D    192.168.10.0/24 [90/26882560] via 192.168.111.100, 1d00h, Tunnel0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.100.0 is directly connected, GigabitEthernet0/0
     ***/28 is subnetted, 1 subnets
C       *** is directly connected, Vlan1
D    192.168.4.0/24 [90/26882560] via 192.168.111.2, 1d00h, Tunnel0
S    192.168.20.0/24 [1/0] via 118.173.55.122
D    192.168.6.0/24 [90/26882560] via 192.168.111.66, 00:18:57, Tunnel0
C    192.168.112.0/24 is directly connected, Tunnel2
D    192.168.7.0/24 [90/26882560] via 192.168.111.44, 11:03:37, Tunnel0
     ***/29 is subnetted, 1 subnets
C       *** is directly connected, GigabitEthernet0/1
D    192.168.3.0/24 [90/26882560] via 192.168.111.33, 00:15:23, Tunnel0
S*   0.0.0.0/0 [1/0] via ***.201
vl-rib-hub#

*************************** СПОК ***************************
Код:

cisco-nakh#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is *** to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via ***
      ***/8 is variably subnetted, 2 subnets, 2 masks
C        ***/30 is directly connected, FastEthernet0
L        ***/32 is directly connected, FastEthernet0
      172.16.0.0/24 is subnetted, 1 subnets
D        172.16.100.0 [90/26882560] via 192.168.111.1, 1d00h, Tunnel0
      192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.3.0/24 is directly connected, Vlan1
L        192.168.3.1/32 is directly connected, Vlan1
D     192.168.4.0/24 [90/28162560] via 192.168.111.2, 1d00h, Tunnel0
D     192.168.6.0/24 [90/28162560] via 192.168.111.66, 00:22:03, Tunnel0
D     192.168.7.0/24 [90/28162560] via 192.168.111.44, 11:06:44, Tunnel0
D     192.168.8.0/24 [90/28162560] via 192.168.111.88, 1d00h, Tunnel0
D     192.168.9.0/24 [90/28162560] via 192.168.111.90, 1d00h, Tunnel0
D     192.168.10.0/24 [90/28162560] via 192.168.111.100, 1d00h, Tunnel0
      192.168.111.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.111.0/24 is directly connected, Tunnel0
L        192.168.111.33/32 is directly connected, Tunnel0
      192.168.112.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.112.0/24 is directly connected, Tunnel2
L        192.168.112.33/32 is directly connected, Tunnel2

*************************** КОНФИГ ХАБА ***************************

Код:

!
crypto keyring dmvpnspokes
  pre-shared-key address 0.0.0.0 0.0.0.0 key
!
crypto isakmp policy 10
hash md5
authentication pre-share
!
crypto isakmp policy 20
hash md5
authentication pre-share
group 2
crypto isakmp profile DMVPN
   keyring dmvpnspokes
   match identity address 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile
set security-association lifetime seconds 900
set transform-set strong
set isakmp-profile DMVPN
!
!
crypto dynamic-map dynmap 10
set transform-set strong
reverse-route
!
!
crypto map dynmap 1 ipsec-isakmp dynamic dynmap
!
!
!
!
track 100 ip sla 100 reachability
delay down 5 up 5
!
track 101 ip sla 101 reachability
delay down 5 up 5
!
!
!
!
interface Tunnel0
ip address 192.168.111.1 255.255.255.0
no ip redirects
ip mtu 1440
no ip next-hop-self eigrp 90
ip nhrp authentication
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip tcp adjust-mss 1360
no ip split-horizon eigrp 90
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 0
tunnel path-mtu-discovery
tunnel protection ipsec profile
!
interface Tunnel2
ip address 192.168.112.1 255.255.255.0
no ip redirects
ip mtu 1427
ip nhrp authentication
ip nhrp map multicast dynamic
ip nhrp network-id 2
ip nhrp holdtime 10
ip nhrp server-only
ip tcp adjust-mss 1380
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5
ip ospf network broadcast
ip ospf cost 5
ip ospf hello-interval 2
ip ospf dead-interval 6
ip ospf priority 20
ip ospf 200 area 2
tunnel source Vlan1
tunnel mode gre multipoint
tunnel key 2
!
interface GigabitEthernet0/0
ip address 172.16.100.2 255.255.255.0
ip nat inside
ip virtual-reassembly
ip policy route-map PolicyBaseRouting-nexthop
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
  
ip address *** 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map dynmap
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
  
ip address *** 255.255.255.240
ip nat outside
ip virtual-reassembly
!
router eigrp 90
network 172.16.0.0
network 192.168.111.0
no auto-summary
!
router ospf 200
log-adjacency-changes
area 2 nssa no-summary
area 2 default-cost 10
network 172.16.100.0 0.0.0.255 area 2
network 192.168.112.0 0.0.0.255 area 2
!
ip local policy route-map ISPCHEK
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 *** track 100
ip route 0.0.0.0 0.0.0.0 *** 2 track 101
ip route 0.0.0.0 0.0.0.0 *** 254
no ip http server
no ip http secure-server
!
!
ip nat inside source route-map ISP_1 interface GigabitEthernet0/1 overload
ip nat inside source route-map ISP_2 interface Vlan1 overload
!
ip access-list standard snmp
!
ip sla 100
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1
threshold 1000
frequency 10
ip sla schedule 100 life forever start-time now
ip sla 101
icmp-echo 8.8.4.4 source-interface Vlan1
threshold 1000
frequency 10
ip sla schedule 101 life forever start-time now
access-list 100 permit ip 172.16.100.0 0.0.0.255 any
access-list 100 deny   ip any any
nls resp-timeout 1
cpd cr-id 1
no cdp run

!
!
!
!
route-map ISPCHECK permit 10
match ip address 101
set interface GigabitEthernet0/1
!
route-map PolicyBaseRouting-nexthop permit 10
set ip next-hop verify-availability *** 1 track 100
set ip next-hop verify-availability *** 2 track 101
!
route-map ISP_1 permit 10
match ip address 100
match interface GigabitEthernet0/1
!
route-map ISP_2 permit 10
match ip address 100
match interface Vlan1
!
!
snmp-server community public RO snmp
!
control-plane
!
!
!
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
line aux 0
line vty 0 4
  
transport input ssh
line vty 5 15
  
!
scheduler allocate 20000 1000
ntp master
ntp update-calendar
event manager applet DOWN_and_UP
event track 100 state any
action 1.0 cli command "clear ip nat trans forced"
!
end

vl-rib-hub#