I appreciate the reply, it got me started in the right direction. Unfortunately, the solution posted did not work... I did some research, and thanks to your network-id # change, I was able to find what I needed.
Some key changes were that
1) I needed different tunnel keys
2) I could not use an mGRE tunnel on the spokes for some reason - I had to use a ppGRE tunnel instead.
Here is the full config, tested and confirmed in GNS3 (these aren't my ips or auth keys - its a pre-production lab).. I'd be open to any feedback or suggestions to take for a different approach.
HUB:
Current configuration : 1850 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
crypto isakmp policy 3
hash md5
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
!
crypto ipsec profile cisco
set security-association lifetime seconds 120
set transform-set strong
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Tunnel0
bandwidth 1000
ip address 172.16.1.1 255.255.255.0
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp holdtime 600
no ip split-horizon eigrp 90
delay 1000
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 0
tunnel protection ipsec profile cisco
!
interface Tunnel1
bandwidth 1000
ip address 172.17.1.1 255.255.255.0
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map multicast dynamic
ip nhrp network-id 2
ip nhrp holdtime 600
no ip split-horizon eigrp 90
delay 1000
tunnel source FastEthernet0/1
tunnel mode gre multipoint
tunnel key 1
tunnel protection ipsec profile cisco
!
interface FastEthernet0/0
ip address 199.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.1.1.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 90
network 172.16.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255
network 192.168.1.0
no auto-summary
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 199.1.1.2
ip route 0.0.0.0 0.0.0.0 200.1.1.2 5
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
SPOKE:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
crypto isakmp policy 3
hash md5
authentication pre-share
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set strong esp-3des esp-md5-hmac
!
crypto ipsec profile cisco
set security-association lifetime seconds 120
set transform-set strong
!
!
interface Loopback0
ip address 192.168.244.1 255.255.255.0
no ip redirects
!
interface Tunnel0
bandwidth 1000
ip address 172.16.1.2 255.255.255.0
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map 172.16.1.1 199.1.1.1
ip nhrp network-id 1
ip nhrp holdtime 300
ip nhrp nhs 172.16.1.1
delay 1000
tunnel source FastEthernet0/0
tunnel destination 199.1.1.1
tunnel key 0
tunnel protection ipsec profile cisco
!
interface Tunnel1
bandwidth 1000
ip address 172.17.1.2 255.255.255.0
ip mtu 1440
ip nhrp authentication cisco123
ip nhrp map 172.17.1.1 200.1.1.1
ip nhrp network-id 2
ip nhrp holdtime 300
ip nhrp nhs 172.17.1.1
delay 1500
tunnel source FastEthernet0/0
tunnel destination 200.1.1.1
tunnel key 1
tunnel protection ipsec profile cisco
!
interface FastEthernet0/0
ip address 201.1.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
router eigrp 90
offset-list 1 out 12800 Tunnel1
network 172.16.1.0 0.0.0.255
network 172.17.1.0 0.0.0.255
network 192.168.244.0
distribute-list 1 out
auto-summary
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 201.1.1.2
!
!
access-list 1 permit 192.168.244.0
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
For anyone else interested in this thread, the only lines I added to my base config were the tunnel interfaces, and the eigrp lines.
I used loopbacks for what would be my LAN on each router.
I hope this helps someone in the same situation, and thanks again deepblack for the help!