When you are looping traffic through a central site between two other sites connected by VPN, there are two options.
The NAT option you mention is when you do not change the VPNs but use NAT IP addresses in the existing tunnel structure to forward the traffic without need for any changes.
What we are attempting here is to make all the necessary VPN and routing changes so that no NAT is needed.
At this point I think we have to take this one hop at a time and confirm the packets cross each link in the chain, testing in both directions.
Which side is initiating the ping test?
Starting here, let's go to that device:
Verify the VPN tunnel policy sees the input traffic from the ping going into the tunnel.
Go to the hub tunnel endpoint and verify the policy sees input packets from the remote site on the tunnel.
Then verify the tunnel to the other hub also increments, showing that packets are forwarded down that link.
At the spoke destination, verify input traffic is seen by the VPN tunnel policy arriving at the site.
On the computer that is the target of the ping, do a packet capture and verify arrival and that a reply is made (also make sure the local firewall is off here).
Back on the firewall, see the return packets hit the firewall policy for the VPN.
Back at the hub site, verify arrival of the return packets on the VPN policy.
Verify the sending of the return traffic to the spoke site policy.
Back at the originating site, verify reply packets inbound on the VPN policy for the site.
On the originating device, do a packet capture to verify arrival.
Depending on where the traffic flow is lost first, we will know where to dig into configurations that need adjustment.
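
An added example, not part of the original post: one way to do the packet-capture check at the ping target (or back at the originating device) is to read the saved capture and pair each ICMP echo request with its reply. It assumes a classic pcap file with Ethernet link type; the addresses and the sample capture are constructed for illustration.

```python
import socket
import struct

def echo_pairs(pcap: bytes, pinger: str, target: str) -> dict:
    """Map (icmp_id, seq) -> subset of {"request", "reply"} seen between the two hosts."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    seen, off = {}, 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue  # not IPv4 carrying ICMP
        ihl = (frame[14] & 0x0F) * 4
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        icmp = frame[14 + ihl:14 + ihl + 8]
        if len(icmp) < 8:
            continue  # truncated by the capture snap length
        itype, _, _, ident, seq = struct.unpack("!BBHHH", icmp)
        if itype == 8 and (src, dst) == (pinger, target):
            seen.setdefault((ident, seq), set()).add("request")
        elif itype == 0 and (src, dst) == (target, pinger):
            seen.setdefault((ident, seq), set()).add("reply")
    return seen

def unanswered(pcap: bytes, pinger: str, target: str) -> list:
    """Echo requests that reached this capture point but have no reply in the capture."""
    return sorted(k for k, v in echo_pairs(pcap, pinger, target).items() if "reply" not in v)

def _frame(src, dst, itype, ident, seq):
    # Constructed frame: Ethernet + 20-byte IPv4 header + 8-byte ICMP, checksums left zero.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!BBHHH", itype, 0, 0, ident, seq)

def _pcap(frames):
    recs = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + recs

# Constructed sample: 10.1.0.5 is the pinging host, 10.2.0.9 the target at the far spoke.
SAMPLE = _pcap([
    _frame("10.1.0.5", "10.2.0.9", 8, 7, 1),
    _frame("10.2.0.9", "10.1.0.5", 0, 7, 1),
    _frame("10.1.0.5", "10.2.0.9", 8, 7, 2),  # request arrives, no reply follows
])
```

An empty result from `echo_pairs` at the target means the request never arrived, so the loss is upstream; entries in `unanswered` mean the request arrived and the reply side (local firewall, return route) is where to look.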