We are dealing with the same problem in two different scenarios: PIX 515 and ASA 5510.
In both cases we have an internal Windows 2003 server behind the firewall with RRAS service running, so that remote Windows XP clients connect using native PPTP capabilities. However, these clients are not even authenticated, VPN tunnels are not completed.
We are sure that Windows configurations are good, the problem is on PIX/ASA. Surprisingly, GRE traffic is registered in PIX/ASA logs:
2009-01-06 23:23:53 Local4.Info 18.104.22.168 %PIX-6-302013: Built inbound TCP connection 3315921 for outside:xx.yy.zz.tt/1289 (xx.yy.zz.tt/1289) to inside:172.16.0.12/1723 (tt.zz.yy.xx/1723)
2009-01-06 23:23:53 Local4.Info 22.214.171.124 %PIX-6-302017: Built inbound GRE connection 3315922 from outside:xx.yy.zz.tt (xx.yy.zz.tt) to inside:172.16.0.12/14579 (tt.zz.yy.xx/14579)
2009-01-06 23:23:53 Local4.Info 126.96.36.199 %PIX-6-302017: Built outbound GRE connection 3315923 from inside:172.16.0.12 (tt.zz.yy.xx) to outside:xx.yy.zz.tt/256 (xx.yy.zz.tt/256)
2009-01-06 23:24:30 Local4.Info 188.8.131.52 %PIX-6-302014: Teardown TCP connection 3315921 for outside:xx.yy.zz.tt/1289 to inside:172.16.0.12/1723 duration 0:00:37 bytes 732 TCP FINs
We have followed the following Cisco article (scenario with the server inside and clients outside) with unsuccessful results until this moment:
Perhaps NAT and GRE are not easily compatible in PIX/ASA.
Thank you very much.