UPDATE:

I decided to start from scratch, and build everything from zero and see command by command what was wrong... I made the DMVPN worked without ipsec enabled and after adding the IPsec I broke it again... and after a lot of tweaking here and there I got to this:

HUB:

Sep  9 16:07:39.082: IKEv2:(SA ID = 1):[IPsec -> IKEv2] Callback received for the validate proposal - PASSED.

Sep  9 16:07:39.086: IKEv2:(SESSION ID = 2015,SA ID = 1):IKEV2 SA created; inserting SA into database. SA lifetime timer (86400 sec) started

Sep  9 16:07:39.086: IKEv2:(SESSION ID = 2015,SA ID = 1):Session with IKE ID PAIR (199.22.22.80, 199.22.22.80) is UP

Sep  9 16:07:39.086: IKEv2:IKEv2 MIB tunnel started, tunnel index 1

Sep  9 16:07:39.086: IKEv2:(SESSION ID = 2015,SA ID = 1):Load IPSEC key material

Sep  9 16:07:39.086: IKEv2:(SA ID = 1):[IKEv2 -> IPsec] Create IPsec SA into IPsec database

Sep  9 16:07:39.087: IKEv2:(SA ID = 1):[IPsec -> IKEv2] Creation of IPsec SA into IPsec database FAILED

Sep  9 16:07:39.101: IKEv2-ERROR:(SESSION ID = 2015,SA ID = 1):: Creation/Installation of IPsec SA into IPsec DB failed

Sep  9 16:07:39.101: IKEv2:(SESSION ID = 2015,SA ID = 1):Queuing IKE SA delete request reason: unknown

Sep  9 16:07:39.102: IKEv2:(SESSION ID = 2015,SA ID = 1):Sending DELETE INFO message for IPsec SA [SPI: 0x4CE36410]

Sep  9 16:07:39.102: IKEv2:(SESSION ID = 2015,SA ID = 1):Building packet for encryption. 

Payload contents:

 DELETE

Sep  9 16:07:39.102: IKEv2:(SESSION ID = 2015,SA ID = 1):Checking if request will fit in peer window

SPOKE

Sep 10 07:02:23.307 AEST: IKEv2:(SA ID = 1):[IPsec -> IKEv2] Callback received for the validate proposal - PASSED.

Sep 10 07:02:23.307 AEST: IKEv2:(SESSION ID = 4,SA ID = 1):IKEV2 SA created; inserting SA into database. SA lifetime timer (86400 sec) started

Sep 10 07:02:23.307 AEST: IKEv2:(SESSION ID = 4,SA ID = 1):Session with IKE ID PAIR (199.22.22.80, 199.22.22.80) is UP

Sep 10 07:02:23.307 AEST: IKEv2:IKEv2 MIB tunnel started, tunnel index 1

Sep 10 07:02:23.307 AEST: IKEv2:(SESSION ID = 4,SA ID = 1):Load IPSEC key material

Sep 10 07:02:23.307 AEST: IKEv2:(SA ID = 1):[IKEv2 -> IPsec] Create IPsec SA into IPsec database

Sep 10 07:02:23.311 AEST: IKEv2:: Negotiation context locked currently in use

Sep 10 07:02:23.311 AEST: IKEv2:: Negotiation context locked currently in use

Sep 10 07:02:23.315 AEST: IKEv2:(SA ID = 1):[IPsec -> IKEv2] Creation of IPsec SA into IPsec database PASSED

Sep 10 07:02:23.315 AEST: IKEv2:(SESSION ID = 4,SA ID = 1):Checking for duplicate IKEv2 SA

Sep 10 07:02:23.315 AEST: IKEv2:(SESSION ID = 4,SA ID = 1):No duplicate IKEv2 SA found

If I'm not wrong something is failing for phase two, but I dont know what... ideas?

Thanks!