I have setup a public Radius & CA server which I plan to use to manage the
wifi access of the enterprise I manage.  The problem I am having is that the
Radius packets keep getting blocked at the firewall when the Radius server
responds to a Radius authentication attempt.  Has anyone had experience with
authenticating LAN clients with a internet based Radius server or even a
central Radius server with WAN links provided by IpSEC tunnels?

Thanks ahead of time.