I had a strange issue recently where my 3725 running c3725-adventerprisek9-mz.124-19.bin didn't seem to allowing GRE packets or even logging that they were being dropped.
LAN clients were no longer able to connect to a PPTP server out on the internet. If the router was swapped back to the older router, it worked fine again.
The ACL on the router was copied from the original router -
60 permit gre host x.x.x.x any
70 permit tcp host x.x.x.x eq 1723 any
Where x.x.x.x is the PPTP server.
When I added log to the end, sometimes nothing would show up. It was as if the server at the other end wasn't sending back any responses after the original connection. On the other hand, sometimes it would log a packet coming back, but still, the connection would fail.
After preventing any other traffic apart from a test machine, I enabled debug ip packet and could see something going back and forth - but no connection was ever established.
I temporarily disabled the ACLS and ip inspect on the router - no change.
I then downgraded the IOS version to 12.4(12) and it has worked flawlessly ever since.
Any thoughts on why this might have fixed it? I'm glad it did, but I don't know why.