[c-nsp] PPTP through Router NAT?

Garry gkg at gmx.de
Fri Aug 13 06:24:25 EDT 2010


Hi,

I've been trying to get this to work, doesn't seem to check out ...

I've got a customer with an MPLS VPN to several locations. The MPLS is
handed to the internet at our central MPLS firewall, 3825 w/ FW-IOS.
Customer hosts are PATed through it with a single IP.

ip nat pool CUSTNAT x.x.x.x x.x.x.x netmask 255.255.255.0
ip nat source list VRFCUST pool CUSTNAT vrf CUST
(with VRFCUST containing a list of customer internal networks)

I've already run a packet debug and saw the outgoing and returning
packets, with correct NAT. Nonetheless, the communication doesn't work
out, PPTP isn't set up correctly. I assume the customer has used the
right authentication information.

On ASA/PIX I know a simple "fixup protocol pptp 1714" will get the VPN
running.

Checking several documents on Router configs, I've mostly found docs
explaining how to make an internal PPTP server available to external
users. Couldn't seem to find one that was about doing it the other way
around ... one was going on about using CBAC, but wasn't complete as far
as documenting everything that would be required to get it running ...

What part am I missing here? (and why can't M$hit finally ditch that
abomination of a protocol for something more secure and standardized ...)

Tnx, Garry

