Without seeing the exact content of the NAR and the inbound T+ requests it's impossible to say what the problem is.
Remember that NAR checks are pretty simple string matches using the rem_addr value from the inbound packet and the nas ip address.
The NDG part of a NAR refers to the authenticating device (i.e. PIX) and not the end client.
As a permit, the NAR below would allow any remote client via the PIX (or other authenticating device in the NDG MyNdg). As a deny, it would stop all connections.
AAA Client/IP/Port
NDG:MyNdg/*.*.*.*/*
I think you've got the purpose of NDGs mixed up. They hold authenticating devices (PIX, access server, etc.) and not the endpoint addresses.
Are you trying to restrict what users in site 1 can do in site 2?
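As an added illustration that is not part of the original thread, here is a small Python model of the matching the post describes: the AAA Client field is compared against the authenticating device (or the NDG it belongs to), the IP field against rem_addr, and the Port field against the port, all as plain wildcard string matches. The NDG names, addresses and fnmatch-style wildcard semantics are assumptions for the demo, not ACS's exact implementation.

```python
import fnmatch
from dataclasses import dataclass

# Constructed model of an "AAA Client/IP/Port" NAR entry (assumption: ACS's
# real wildcard handling is approximated here with fnmatch-style patterns).
@dataclass(frozen=True)
class NarEntry:
    aaa_client: str   # "NDG:<group>" or the name of a single AAA client
    ip: str           # wildcard pattern matched against rem_addr, e.g. "*.*.*.*"
    port: str         # wildcard pattern matched against the port, "*" for any

# Constructed model of an inbound TACACS+ request as seen by the NAR check.
@dataclass(frozen=True)
class Request:
    nas_name: str     # the authenticating device (PIX, access server, ...)
    nas_ndg: str      # the NDG that device is a member of
    rem_addr: str     # remote address string carried in the inbound packet
    port: str         # port string carried in the inbound packet

def entry_matches(entry: NarEntry, req: Request) -> bool:
    """Simple string matching: NDG/AAA client is the NAS, never the end client."""
    if entry.aaa_client.startswith("NDG:"):
        client_ok = entry.aaa_client[len("NDG:"):] == req.nas_ndg
    else:
        client_ok = entry.aaa_client == req.nas_name
    return (client_ok
            and fnmatch.fnmatchcase(req.rem_addr, entry.ip)
            and fnmatch.fnmatchcase(req.port, entry.port))

def nar_decision(entries: list, mode: str, req: Request) -> bool:
    """Return True if access is allowed.

    mode == "permit": only requests matching a listed entry are allowed.
    mode == "deny":   requests matching a listed entry are blocked.
    """
    if mode not in ("permit", "deny"):
        raise ValueError("mode must be 'permit' or 'deny'")
    matched = any(entry_matches(e, req) for e in entries)
    return matched if mode == "permit" else not matched

# The entry from the post: any remote client via a device in NDG MyNdg.
NAR_FROM_POST = [NarEntry("NDG:MyNdg", "*.*.*.*", "*")]

if __name__ == "__main__":
    via_pix = Request("pix1", "MyNdg", "192.0.2.10", "0")
    via_other = Request("rtr2", "OtherNdg", "192.0.2.10", "0")
    print("permit, via PIX :", nar_decision(NAR_FROM_POST, "permit", via_pix))    # True
    print("deny, via PIX   :", nar_decision(NAR_FROM_POST, "deny", via_pix))      # False
    print("permit, other NDG:", nar_decision(NAR_FROM_POST, "permit", via_other))  # False
```

Putting the client's site into the NDG field (e.g. "NDG:Site2") never matches a request that arrives through a Site1 device, whatever rem_addr says, which is the mix-up described above.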