I assume here the users are in the employee zone and the PPTP server is in the internet zone.
PPTP uses a TCP connection to establish a GRE link. Your policy sdm-policy-sdm-cls--2 only inspects class sdm-cls--2, i.e. you only inspect tcp and udp traffic. Anything else is passed without inspection.
You don't posted the access list pristup but I guess it won't accept incoming GRE.
I would say you have to remove the test class-map from the sdm-cls--2 class to inspect all IP protocols and not only tcp and udp. Or you add gre to the test class-map if gre is support for "match protocol".
Generally, I find it helpful for debugging to have a "drop log" rule for class-default where you don't pass traffic. It shows you which policy drops the packet and may give you a hint where the problem is.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...