A few people still have Windows servers offering the PPTP service. Generally I allow 1723 and GRE through the firewall and dst-nat the traffic to the server but today I installed a router that needed a similar configuration and I couldn’t make the PPTP connection to it. When I took a closed look it seems that there is no GRE traffic hitting the firewall at all. I reset both the filter and nat counters and tried to connect. I saw the counter increment for for TCP 1723 but not for GRE. I was wondering if fasttrack rules could have something to do with this?
Does this router have a global unicast IPv4 address? GRE and PPTP don’t play nice with NAT.
Yes, our WAN IP is a class C routable address. I’ve read that GRE and PPTP don’t play nice with NAT before but I only read it after I had successfully implemented this set-up on several networks. 
Between the working PPTP and the this network there are a couple of differences.
- Working PPTP is a class B WAN
Non-working PPTP is class C WAN
Working PPTP is server 2008R2
Non-working PPTP is server 2K12
I’ve focused on the firewall rules for GRE because I never see them increment.