1044 Views, 0 Helpful, 0 Replies

PPTP VPN - Clients inside Cisco877w - server at workplace

shanff (Level 1)

I am trying to connect to my workplace PPTP server from my home, which has a Cisco 877w ADSL/Wireless router.  I configured the majority of the setup via CLI and just started playing with CCP.  I've used versions 2.5 and 2.7 on a virtual Windows station that resides on my primary Linux box.

Background in trying things out.  PPTP works fine without the CCP firewall wizard having been run - with just a vanilla interfaces-configured kind of setting.

I ran the CCP Advanced Firewall task, specified that I had PPTP clients on the LAN and went with it.  The proposed changes included GRE and PPTP stuff, but being green in the IOS Firewall, I have no idea what I was looking at.

My configuration, as it gave it to me, is as follows:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HomeRouter
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 MyPass
!
no aaa new-model
clock timezone Chicago -6
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-904815991
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-904815991
 revocation-check none
 rsakeypair TP-self-signed-904815991
!
!
crypto pki certificate chain TP-self-signed-904815991
 certificate self-signed 01


  quit
dot11 syslog
!
dot11 ssid Wireless1
 vlan 1
 authentication open
 authentication key-management wpa
 mbssid guest-mode
 wpa-psk ascii 7 097F46080E0B57310A1E1D6A0F3D24323B623006130F1858
!
dot11 ssid Wireless2
 vlan 2
 authentication open
 mbssid guest-mode
!
ip source-route
!
!
ip dhcp excluded-address 10.0.0.1 10.0.0.99
ip dhcp excluded-address 10.0.1.1 10.0.1.99
!
ip dhcp pool Local-Network
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.1
   dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool Guest-Network
   network 10.0.1.0 255.255.255.0
   dns-server 8.8.8.8 8.8.4.4
   default-router 10.0.1.1
!
!
ip cef
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 4.2.2.2
ip name-server 4.2.2.1

ip ddns update method NO-IP
 HTTP
  add http://MyUser:MyPass@dynupdate.noip.com/nic/update?hostname=<h>&myip=<a>
 interval maximum 1 0 0 0
 interval minimum 0 0 5 0

!
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
!
username MyLocalUser privilege 15 password 7 01010101011010101
!
!
!
archive
 log config
  hidekeys
!
!
no ip ftp passive
!
class-map type inspect match-all SDM_GRE
 match access-group name SDM_GRE
class-map type inspect match-any CCP_PPTP
 match class-map SDM_GRE
 match protocol pptp
class-map type inspect match-any ccp-skinny-inspect
 match protocol skinny
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol pptp
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
 match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
 match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
 match protocol h323-annexe
class-map type inspect match-any ccp-h323-inspect
 match protocol h323
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
 match protocol sip
class-map type inspect match-all sdm-nat-ssh-1
 match access-group 101
 match protocol ssh
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-ssh-1
  inspect
 class type inspect CCP_PPTP
  pass
 class class-default
  drop log
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class type inspect ccp-sip-inspect
  inspect
 class type inspect ccp-h323-inspect
  inspect
 class type inspect ccp-h323annexe-inspect
  inspect
 class type inspect ccp-h225ras-inspect
  inspect
 class type inspect ccp-h323nxg-inspect
  inspect
 class type inspect ccp-skinny-inspect
  inspect
 class class-default
  drop
policy-map type inspect ccp-permit
 class class-default
  drop
policy-map QoS_Out_BVI2
 class class-default
   police rate 500000
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
!
bridge irb
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 switchport access vlan 2
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 mode ciphers aes-ccm
 !
 ssid Wireless1
 !
 ssid Wireless2
 !
 mbssid
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 world-mode dot11d country US outdoor
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1
 ip virtual-reassembly
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
 encapsulation dot1Q 2 native
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
 bridge-group 2 block-unknown-source
 no bridge-group 2 source-learning
 no bridge-group 2 unicast-flooding
!
interface Vlan1
 no ip address
 ip virtual-reassembly
 bridge-group 1
!
interface Vlan2
 no ip address
 bridge-group 2
!
interface Dialer0
 description $FW_OUTSIDE$
 ip ddns update hostname me.domain.com
 ip ddns update NO-IP
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username MyUsername password 7 MyPassword
!
interface BVI1
 description $FW_INSIDE$
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
!
interface BVI2
 description $FW_INSIDE$
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 service-policy output QoS_Out_BVI2
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http secure-server
!
!
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.1.1.10 22 interface Dialer0 xxxxx
!
ip access-list extended SDM_GRE
 remark CCP_ACL Category=1
 permit gre any any
!
no logging trap
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 10.1.1.10
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
banner login ^CUnauthorized access is STRICTLY PROHIBITED!  ^C
!
line con 0
 exec-timeout 15 0
 password 7 01010101010101010101
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 5 0
 privilege level 15
 login local
 transport preferred none
 transport input ssh
!
scheduler max-task-time 5000
ntp server 199.102.46.73
end

Any clues as to what I would have to do to allow the PPTP connection to complete?  It appears as though GRE may not be getting through?  I haven't found much in the way of fixing this.  My Google-fu might be lacking.
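One way to answer the "is GRE getting through?" question from the config itself, added here as an example and not something from the post: a small audit that parses the zone-based firewall sections (class-maps, inspect policy-maps, zone-pairs, the GRE ACL) and reports the action GRE receives on each zone-pair; on the posted config GRE is matched only by CCP_PPTP, which only the out-zone to in-zone policy references, so on ccp-inspect it falls through to class-default drop. SAMPLE_CFG is a constructed excerpt of that config, and the parser assumes the CCP layout shown (the service-policy line directly follows its zone-pair, match and class lines sit under their parent).

```python
import re
SAMPLE_CFG = """\
class-map type inspect match-all SDM_GRE
 match access-group name SDM_GRE
class-map type inspect match-any CCP_PPTP
 match class-map SDM_GRE
 match protocol pptp
policy-map type inspect ccp-inspect
 class class-default
  drop
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect CCP_PPTP
  pass
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
ip access-list extended SDM_GRE
 permit gre any any
"""  # constructed excerpt of the ZBF sections of the posted config; a full running-config parses too
def parse_zbf(cfg):
    """Return class-maps, policy-maps (class -> action), zone-pairs (src, dst, policy), GRE ACL names."""
    zp = re.findall(r"zone-pair security \S+ source (\S+) destination (\S+)\s+service-policy type inspect (\S+)", cfg)
    gre_acls = set(re.findall(r"ip access-list extended (\S+)\s+(?:remark [^\n]*\s+)?permit gre", cfg))
    cls, pol, cur = {}, {}, ("", "")
    for w in filter(None, (l.split() for l in cfg.splitlines())):
        if w[0] == "class-map":                          # 'class-map type inspect match-all NAME'
            cur, cls[w[-1]] = ("c", w[-1]), (w[-2], [])
        elif w[0] == "policy-map":
            cur, pol[w[-1]] = ("p", w[-1]), []
        elif cur[0] == "c" and w[0] == "match":          # [access-group, name, X] / [class-map, X] / [protocol, X]
            cls[cur[1]][1].append(w[1:])
        elif cur[0] == "p" and w[0] == "class":          # a class with no action configured drops
            pol[cur[1]].append([w[-1], "drop"])
        elif cur[0] == "p" and w[0] in ("inspect", "pass", "drop"):
            pol[cur[1]][-1][1] = w[0]
    return cls, pol, zp, gre_acls
def class_matches_gre(name, cls, gre_acls):
    """True if class-map `name` matches a GRE packet; nested class-maps are followed."""
    mode, terms = cls.get(name, ("match-any", []))
    hits = [t[-1] in gre_acls if t[0] == "access-group" else
            class_matches_gre(t[-1], cls, gre_acls) if t[0] == "class-map" else False
            for t in terms]                              # 'match protocol ...' is never GRE
    return bool(hits) and (all(hits) if mode == "match-all" else any(hits))
def gre_action_per_zone_pair(cfg):
    """Action GRE receives on each zone-pair: the first class that matches it, else class-default."""
    cls, pol, zp, gre_acls = parse_zbf(cfg)
    return {f"{s}->{d}": next((a for c, a in pol.get(p, [])
                               if c == "class-default" or class_matches_gre(c, cls, gre_acls)), "drop")
            for s, d, p in zp}
```

In ZBF the pass action is stateless and one-directional, so GRE has to be permitted on every zone-pair the tunnel crosses; rerunning the audit after adding a CCP_PPTP pass class to ccp-inspect reports pass for both directions.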
