I am trying to set up AAA authentication for all routers I manage so that technicians log on to the routers with their Windows usernames and a RADIUS server determines whether or not they have access. The RADIUS servers used in the routers' configurations can only be reached through a VPN each router has to our data center.
When I run RADIUS debugging I notice my test router is using its WAN address as the "Best Local IP-Address" and the "NAS-IP-Address" is also listed as the WAN address. The authentication fails because our data center firewall is only allowing RADIUS traffic in through the VPN.
How can I make my router use the LAN IP address as the NAS IP address?