I have the above hardware / ios, and everything is working perfectly with the exception of PPTP passthrough to a Microsoft VPN server. Here is what I have done.
ip nat source static 192.168.0.2 188.8.131.52 //add the nat
ip access-list extended fa0/0_in //inbound acl on public interface
permit tcp any host 184.108.40.206 eq 1723
permit gre any any
deny ip any any log
interface fasteth 0/0
ip address 220.127.116.11
access-group fa0/0_in in
I have many more nats, and many more permits in the access list, and all other nats and permits are working fine. When I do a show ip nat trans, it show the gre and the 1723 natted correctly. If I remove the ACL, it still doesn't work. No traffic is being denied in the logs. The Windows client hangs on verifying username and password. The Windows server event view reports that the authentication timed out. The RRAS logs are enabled, but missing. And most importantly, when I connect to the VPN server from another site through a point-to-point t1, it works fine. My best guess is that it is something with GRE and this version of IOS, but none of the old GRE tricks work on this router.