vpn behind pat

[CaptNeo]

I'm trying to setup vpn behind a nat/pat router and I've not been able to successfully configure it correctly.

I have a cisco router with NAT enabled, a Win2k server with DHCP, DNS, AD, VPN configured.

On my router, here is the config:

ip nat pool 0 72.153.128.66 72.153.128.126 netmask 255.255.255.192
ip nat inside source list 1 pool 0 overload
ip nat inside source static tcp 172.16.70.2 1723 72.153.128.72 1723 extendable
ip nat inside source static 172.16.70.2 72.153.128.72
ip nat inside source static 172.16.70.1 72.153.128.65
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server

When I do a '#sh ip nat tran' on the router, I get this entry:
Router#Pro Inside global Inside local Outside local Outside global
--- 72.153.128..65 172.16.70.1 --- ---
--- 72.153.128.72 172.16.70.2 ---
tcp 72.153.128.72:1723 172.16.70.2:1723 --- ---
Router#

My client is setup via dial-up to an isp. When it tries to connect, it gets the error 619. Someone mentioned about port 1723 being forwarded to the vpn server and opening up protocol 47 on the router. could someone shed some light as to what else am I missing? Or perhaps someone could tell me how to forward port 1723 on the router and protocol 47 also.