These are the changes we have to apply to every system we install;
VPN
To allow use of Microsoft (and other) VPN clients from inside and outside the firewall:
access-list 104 permit gre any any
EMAIL
To prevent random blockage of email (only with attachments and only addressed to multiple recipients) from inside to outside the firewall:
no ip inspect name SDM_LOW esmtp
SNTP
Set SNTP server to pool.ntp.org