Is it possible that you have a proxy forwarder on your site?
Basically the %REMOTE_IP$ is the IP address at the other end of the connection which normally is the browser, but if your request are being routed through a proxy server, load balancer, VPN, or similar it will reflect the address of the server doing the redirection.
In most cases these servers will insert the true originating IP address in the request header thus in one of the global variables we provide. Typically, although not a 100% approved standard, the originating IP address will be found in %X_Forwarded_For$ which comes from the X-Forwarded-For request header.