When you say external RADIUS sequence what are you referring to? The VPN device should point to ISE as RADIUS servers and you should have multiple RADIUS definitions for redundancy. Do you have the HQ and remote PSN listed in the radius group on the VPN device?
If you have both defined in the RADIUS group and the HQ device failed at some point the VPN device might have failed over to the remote PSN. Some network devices don't fail back to the first RADIUS servers in their list. They will keep using the same RADIUS server as long as it is working. Cisco WLCs by default don't fail back to the primary server in their list.