And it done

you can traceroute to 4.2.2.2 there is reply from dns server in end of traceroute.

The "*" appear if ISP want to hidden it IP so it normal it not failed always.

Now try from any host connect to spoke ping google.com 

MHM

Sorry I forget that hub or ISP can block ping 

Use nslookup google.com

And check 

MHM

I did nslookup server 8.8.8.8#53

no authoritative aswe 172.217.169.78 now my question under VLAN1 in the hub should I keep IP nat inside or should it be removed?

Vlan1 in hub? Vlan1 of spoke you meaning?

If not above result is test from spoke or from hub?

MHM

vlan 1 in the SPOKE in the 4G Router (BRANCH)

the test results from a host connected to the SPOKE (4g router) (BRANCH)

No need "ip nat inside" under vlan1 of spoke' we use ip nat inside under virtual-template of hub' from there the packet ingress and egress vis dialer interface of Hub.

MHM

OK thats all done already but I still couldn't connect to the internet. What about the DHCP should it be done at the HUB and in the spoke should I do IP-HELPER instead???I gave you my spoke DHCP configuration for VLAN1 hosts/users

I see it' you use two DNS server second one is 8.8.8.8 

It can that first one can not resolve all domain try make 8.8.8.8 first.

MHM

8.8.8.8 Is currently the primary one and I tried to use my HUB (HQ) ISP DNS as the primary also didn't work. I am not sure whats the problem. Yes when I traceroute it seems everything perfect but no internet :'(

Yes but the order is hub DNS server then 8.8.8.8'

Try make order 8.8.8.8 then hub dns.

If you do change make sure that pc connect to host get new order

MHM

I just did that now

ip dhcp pool Data
import all
network 192.168.100.0 255.255.255.0
dns-server 8.8.8.8 90.255.255.90
default-router 192.168.100.253

Still didn't work also I noticed when I ping hosts from the spoke to hub then its unreachable

for example I am a host at the branch with IP 192.168.100.55 and I try to ping the hosts in the hub 142.202.YY.YYY its not pinging but I can ping the HUB router SVI for the 142.202.YY.YYY not sure why??

@MHM Cisco World I did some due diligence. I already have Anyconnect setup and working as full tunnel perfectly. I have looked at the DHCP config for VPN users under Anyconnect. I see that I am using my own Microsoft DNS Server and I use a domain-name of ******centrino.com . I have added that into my DHCP configs but I cant ping to my Internal Microsft DNS Server from the host connected to the spoke. 

What else could I do? I guess If I made the DHCP config in the HUB with IP-HELPER address in the spoke might work

Thanks again for all your patience

the NAT table you share was long so can you tune it more by using

show ip nat translations inside <the LAN connect to spoke>

also
in spoke and hub run 

show ip route <the LAN connect to spoke> longest 

MHM