Duo Proxy not passing Radius attributes


I am using Duo Proxy with Radius authentication to authenticate SSH logins for Cisco routers. The secondary authenticator is radius; Microsoft’s NPS

I have specified ‘pass_through_all’ in the radius server settings in the config but no attributes are being passed to NPS. The NPS logs show NAS-IP-Address and Client-IP-Address as the proxy’s IP, not the IP of the original requester.

I know the router sends the required information because it is present in the NPS logs when I authenticate directly.

This is stopping me from using DUO Proxy for some services as I need different NPS settings for different clients but I can’t differentiate the clients as they all appear to come from the same source.