asa yeamans

I have created a static IPv6 tunnel with hurricane electric's tunnelbroker
service. I was able to initially set it up great with Windows Server 2003.
Now i have upgraded my router to windows server 2008 r2, and the tunnel now
fails completely. I was completely confused as to why at first until I
enabled ipsec event logging and I saw this event in there when I attempted
to ping my endpoint from an external IPv6 ping website:

-------------------------------------
IPsec dropped an inbound clear text packet that should have been secured. If
the remote computer is configured with a Request Outbound IPsec policy, this
might be benign and expected. This can also be caused by the remote
computer changing its IPsec policy without informing this computer. This
could also be a spoofing attack attempt.

Remote Network Address: 216.218.224.42
Inbound SA SPI: 0
-------------------------------------

216.218.224.42 is the ip address of the remote end of my ipv6 tunnel.

Then immediately after that event...
-------------------------------------
The Windows Filtering Platform has blocked a packet.

Application Information:
Process ID: 0
Application Name: -

Network Information:
Direction: Inbound
Source Address: 216.218.224.42
Source Port: 0
Destination Address: 66.112.21.169
Destination Port: 0
Protocol: 41

Filter Information:
Filter Run-Time ID: 104505
Layer Name: Transport
Layer Run-Time ID: 12
-------------------------------------

I am also completely unable to send *any* IPv6-in-IPv4 packets. they dont
show up in wireshark, thye dont show up in event log. its like it was never
sent.

Obviously windows is blocking any ipv6-in-ipv4 traffic because its not
encrypted, hurricane electric doesnt support doing ipsec on these tunnels.
So my question is how do i get windows to allow this tunnel to this endpoint
to NOT have to be encrypted/authenticated by ipsec? how do i tell IPSec "i
know, thats ok" ?