IPSec and Kerberos

MS appears to be using a payload type of 129 during IPSec Kerberos
connections. It appears that this type of payload is reserved for
vendor-specific stuff, meaning open-source IPsec software won't understand
it. I know this is a realy obscure question, but is there some way to force
Windows to not do this, and to play nicely? Or is it pretty much wired in?