Currently I have one NPS RADIUS server setup for multiple forests (two-way trust). There is one VPN server connecting to the RADIUS server to authenticate users from both forests. So far this is working good with the below network policy conditions:
However, I have a request to add in the evaluation on user client IPv4 address. So I went to add in the Client Access IPv4 Address conditions but after that users failed to authenticate. Modified policy as below:

The user machine network segment is 192.168.1.x. Therefore I added this segment into the network policy but its not working. When I removed this condition, users can authenticate without any issue. Error from event logs is as below:




