diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index f3b9c07..01522b8 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -4,6 +4,7 @@ ADD_EXECUTABLE(it2s-itss-facilities
     denm.c
     infrastructure.c
     requests.c
+    indications.c
     facilities.c
     cpm.c
     saem.c
diff --git a/src/facilities.c b/src/facilities.c
index 2d56228..8fdfaa3 100644
--- a/src/facilities.c
+++ b/src/facilities.c
@@ -3,6 +3,7 @@
 #include "config.h"
 #include "denm.h"
 #include "infrastructure.h"
+#include "indications.h"
 #include "requests.h"
 #include "cpm.h"
 #include "saem.h"
@@ -64,6 +65,18 @@ static int transport_indication(facilities_t *facilities, void* responder, void*
 
     zmq_send(responder, &code, 1, 0);
 
+    switch (ti->present) {
+        case TransportIndication_PR_packet:
+            break;
+        case TransportIndication_PR_data:
+            transport_data_indication(facilities, &ti->choice.data);
+            goto cleanup;
+        default:
+            syslog_debug("[facilities]<- unrecognized TI.choice received");
+            rv = 1;
+            goto cleanup;
+    }
+
     TransportPacketIndication_t* tpi = &ti->choice.packet; // TODO
                                                            //
 
diff --git a/src/indications.c b/src/indications.c
new file mode 100644
index 0000000..5acdb0d
--- /dev/null
+++ b/src/indications.c
@@ -0,0 +1,57 @@
+#include "indications.h"
+
+#include <camv2/asn_application.h>
+#include <itss-security/SecurityRequest.h>
+#include <itss-security/SecurityReply.h>
+
+static void tcp_conn_reset(facilities_t* facilities, TCPConnRSTInfo_t* cri) {
+    if (cri->destinationAddress.size != 16) return;
+
+    SecurityRequest_t* sreq = NULL;
+
+    // Reset tolling, tls
+    tolling_s* tolling = &facilities->tolling;
+    bulletin_t* bulletin = &facilities->bulletin;
+    if (tolling->enabled && tolling->protocol == TOLLING_PROTOCOL_TLS) {
+        for (int i = 0; i < bulletin->to_consume_len; ++i) {
+            if (!memcmp(bulletin->to_consume[i]->endpoint.ipv6_addr, cri->destinationAddress.buf, 16)) {
+                sreq = calloc(1, sizeof(SecurityRequest_t));
+                sreq->present = SecurityRequest_PR_tlsReset;
+                sreq->choice.tlsReset.connId = tolling->tls_conn_id;
+
+                uint8_t b_s[64];
+                asn_enc_rval_t enc = asn_encode_to_buffer(NULL, ATS_CANONICAL_OER, &asn_DEF_SecurityRequest, sreq, b_s, 64);
+                if (enc.encoded == -1) {
+                    syslog_err("[facilities] SecurityRequest.tlsReset encoding failed");
+                }
+            }
+        }
+    }
+
+    
+    ASN_STRUCT_FREE(asn_DEF_SecurityRequest, sreq);
+}
+
+int transport_data_indication(facilities_t* facilities, TransportDataIndication_t* tdi) {
+    int rv = 0;
+
+    switch (tdi->present) {
+        case TransportDataIndication_PR_tcp:
+            switch (tdi->choice.tcp.present) {
+                case TCPDataIndication_PR_connInfoReset:
+                    tcp_conn_reset(facilities, &tdi->choice.tcp.choice.connInfoReset);
+                    break;
+                default:
+                    rv = 1;
+                    goto cleanup;
+            }
+            break;
+        default:
+            rv = 1;
+            goto cleanup;
+    }
+
+cleanup:
+    
+    return rv;
+}
diff --git a/src/indications.h b/src/indications.h
new file mode 100644
index 0000000..6fdf954
--- /dev/null
+++ b/src/indications.h
@@ -0,0 +1,6 @@
+#pragma once
+
+#include "facilities.h"
+#include <itss-transport/TransportIndication.h>
+
+int transport_data_indication(facilities_t* facilities, TransportDataIndication_t* tpi);
diff --git a/src/requests.c b/src/requests.c
index bb8f71f..bde2503 100644
--- a/src/requests.c
+++ b/src/requests.c
@@ -104,7 +104,7 @@ int facilities_request_single_message(facilities_t* facilities, void* responder,
 
             break;
         default:
-            syslog_err("[facilities] unrecognized FR message type (%ld)", frm->itsMessageType);
+            syslog_err("[facilities] unrecognized FR message type (%lld)", frm->itsMessageType);
             facilities_request_result_rejected(responder);
             rv = 1;
             goto cleanup;
@@ -407,7 +407,7 @@ int facilities_request_active_episodes(facilities_t* facilities, void* responder
                 }
                 break;
             default:
-                syslog_err("[facilities] unrecognized FR event type (%ld)", *freq->choice.data.choice.activeEpisodes.list.array[e]);
+                syslog_err("[facilities] unrecognized FR event type (%lld)", *freq->choice.data.choice.activeEpisodes.list.array[e]);
                 pthread_mutex_unlock(&facilities->den->lock);
                 pthread_mutex_unlock(&facilities->infrastructure->lock);
 
@@ -556,3 +556,5 @@ cleanup:
 
     return rv;
 }
+
+
diff --git a/src/requests.h b/src/requests.h
index 7077386..32a7ec7 100644
--- a/src/requests.h
+++ b/src/requests.h
@@ -3,6 +3,7 @@
 
 #include "facilities.h"
 #include <itss-facilities/FacilitiesRequest.h>
+#include <itss-transport/TransportIndication.h>
 
 int facilities_request_result_accepted(void* responder);
 int facilities_request_result_rejected(void* responder);
@@ -13,4 +14,6 @@ int facilities_request_attribute_types(facilities_t* facilities, void* responder
 int facilities_request_loaded_protected_zones(facilities_t* facilities, void* responder, FacilitiesRequest_t* fr);
 int facilities_request_chaininfo_set(facilities_t* facilities, void* responder, ChainInformation_t* cis);
 
+int transport_indication_data(facilities_t* facilities, TransportDataIndication_t* tdi);
+
 #endif
diff --git a/src/tpm.c b/src/tpm.c
index a6a51a3..23cd962 100644
--- a/src/tpm.c
+++ b/src/tpm.c
@@ -57,7 +57,7 @@ int tpm_pay(void* fc, tolling_info_s* info, void* security_socket, uint8_t* neig
     }
 
     tolling->active = true;
-    tolling->nonce = rand();
+    tolling->nonce = rand() + 1;
 
     syslog_info("[facilities] [tolling] issuing toll payment > client: %ld | nonce: %ld", tolling->client_id, tolling->nonce);
 
@@ -178,6 +178,11 @@ int tpm_pay(void* fc, tolling_info_s* info, void* security_socket, uint8_t* neig
             sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len);
             sreq->choice.tlsSend.data.size = tpm_uper_len;
             memcpy(sreq->choice.tlsSend.data.buf, tpm_uper, tpm_uper_len);
+            id = rand() + 1;
+            if (!tolling->tls_conn_id) {
+                tolling->tls_conn_id = id;
+            }
+            sreq->choice.tlsSend.connId = tolling->tls_conn_id;
 
             buf[0] = 4;
             asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, buf+1, buf_len-1);
@@ -208,8 +213,7 @@ int tpm_pay(void* fc, tolling_info_s* info, void* security_socket, uint8_t* neig
             tr->choice.packet.present = TransportPacketRequest_PR_tcp;
             TCPPacketRequest_t* tcp = &tr->choice.packet.choice.tcp;
 
-            tcp->id = rand() + 1;
-            id = tcp->id;
+            tcp->id = id;
 
             tcp->destinationAddress = calloc(1, sizeof(OCTET_STRING_t));
             tcp->destinationAddress->buf = malloc(16);
@@ -301,7 +305,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
 
     switch (tolling->protocol) {
         case TOLLING_PROTOCOL_SIMPLE:
-            syslog_info("[facilities] [tolling] received toll payment > client: %ld (certificate id: %02x%02x%02x) | nonce: %ld", 
+            syslog_info("[facilities] [tolling] received toll payment > client: %lld (certificate id: %02x%02x%02x) | nonce: %lld", 
             req->clientId, 
             neighbour ? neighbour[5] : 0,
             neighbour ? neighbour[6] : 0,
@@ -310,7 +314,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
             );
             break;
         case TOLLING_PROTOCOL_TLS:
-            syslog_info("[facilities] [tolling] received toll payment > client: %ld | nonce: %ld", 
+            syslog_info("[facilities] [tolling] received toll payment > client: %lld | nonce: %lld", 
             req->clientId, 
             req->transactionNonce
             );
@@ -509,6 +513,12 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
             sreq->choice.tlsSend.data.buf = malloc(tpm_uper_len);
             sreq->choice.tlsSend.data.size = tpm_uper_len;
             memcpy(sreq->choice.tlsSend.data.buf, tpm_uper, tpm_uper_len);
+            id = rand() + 1;
+            // TODO handle various vehicles
+            if (!tolling->tls_conn_id) {
+                tolling->tls_conn_id = id;
+            }
+            sreq->choice.tlsSend.connId = tolling->tls_conn_id;
 
             buf[0] = 4;
             asn_enc_rval_t enc = oer_encode_to_buffer(&asn_DEF_SecurityRequest, NULL, sreq, buf+1, buf_len-1);
@@ -536,8 +546,7 @@ static void rsu_handle_recv(facilities_t* facilities, TPM_t* tpm_rx, void* secur
             tr->choice.packet.present = TransportPacketRequest_PR_tcp;
             TCPPacketRequest_t* tcp = &tr->choice.packet.choice.tcp;
 
-            tcp->id = rand() + 1;
-            id = tcp->id;
+            tcp->id = id;
 
             tcp->destinationAddress = calloc(1, sizeof(OCTET_STRING_t));
             tcp->destinationAddress->buf = malloc(16);
diff --git a/src/tpm.h b/src/tpm.h
index ef3b2c0..02849e8 100644
--- a/src/tpm.h
+++ b/src/tpm.h
@@ -30,6 +30,7 @@ typedef struct tolling {
     bool active;
     uint64_t nonce;
     uint64_t client_id;
+    uint64_t tls_conn_id;
     
     uint64_t tz;