I have a RADIUS server on AWS VPC. I already set up an IPSec site-to-site VPN connecting the Corp network and the VPC subnets.
1. Using RADIUS Public IP: Worked, but not secure because authentication traffic is routed through the Internet.
2. Using RADIUS Private IP and VPN tunnel:
- Test the Authentication from the Firewall: Succeeded!
Captured packet: The source IP is the Private IP. Traffic went through the IPSec and the RADIUS responded.
- Test the authentication from LAN Laptops: Failed!
Captured packet: The source IP is the public IP and the packet is forwarded by Firewall Rule 0. The RADIUS didn't receive any packet.
I already created a Firewall Rule 1 which NATed all traffic from the LAN to 10.0.50.1 but it didn't work. Traffic was still forwarded by Rule 0.
There is another thread regarding this bug: https://community.sophos.com/products/xg-firewall/f/authentication/75090/wireless-radius-auth-via-ipsec-not-possible
Firewall: Sophos XG 210
Firmware: 17.5 MR8
Any idea or help is really appreciated!!!
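Added example (not from the poster or from Sophos): a small Python check that decodes captured RADIUS Access-Request datagrams and classifies each one by whether its source address falls inside the tunnel's local subnet and whether it matches the NAS-IP-Address attribute, which is the distinction between the two captures described above. The 10.0.50.1 address is taken from the post; every other address, and the sample packets themselves, are constructed placeholders.

```python
import ipaddress
import struct

RADIUS_ACCESS_REQUEST = 1
ATTR_NAS_IP_ADDRESS = 4      # RFC 2865 attribute type 4, fixed length 6

def build_access_request(identifier, nas_ip):
    """Constructed Access-Request carrying only a NAS-IP-Address attribute (test data)."""
    attr = bytes([ATTR_NAS_IP_ADDRESS, 6]) + ipaddress.IPv4Address(nas_ip).packed
    header = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, identifier, 20 + len(attr))
    return header + bytes(16) + attr   # 16-byte Request Authenticator left zeroed

def parse_radius(data):
    """Decode the RADIUS header and return (code, identifier, {attr_type: value})."""
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("invalid RADIUS length field")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("invalid attribute length")
        attrs[atype] = data[pos + 2:pos + alen]
        pos += alen
    return code, ident, attrs

def check_capture(src_ip, data, tunnel_local_subnet):
    """Classify one datagram as seen on the firewall: a source outside the tunnel's
    local subnet never matches the IPsec policy; a NAS-IP-Address that differs from
    the source means the packet was NATed after the NAS built it."""
    code, _, attrs = parse_radius(data)
    if code != RADIUS_ACCESS_REQUEST:
        return "not-access-request"
    src = ipaddress.IPv4Address(src_ip)
    if src not in ipaddress.IPv4Network(tunnel_local_subnet):
        return "source-outside-tunnel"
    nas = attrs.get(ATTR_NAS_IP_ADDRESS)
    if nas and ipaddress.IPv4Address(nas) != src:
        return "natted-after-nas"
    return "ok"

# Constructed captures (placeholder addresses): the firewall's own test leaves
# from the tunnel subnet; the laptop's request leaves with the WAN address and
# therefore never enters the tunnel.
SAMPLES = {
    "firewall": ("10.0.50.1", build_access_request(1, "10.0.50.1")),
    "laptop": ("203.0.113.10", build_access_request(2, "192.168.1.20")),
}
```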