Mark

I am not clear whether you are talking about licensing for IPSec VPN or for SSL VPN. Since the licensing for IPSec is quite straightforward I will assume that you are talking about licensing for SSL VPN. In the current version of software you need to purchase licensing for both 5520s since there is no license transfer capability in current software.

Cisco has introduced flex licensing for SSL VPN and from what I understand of it, you purchase the flex licenses to obtain extra capacity (or perhaps to accomodate failover) and they are much less expensive than the normal licenses. Most of the time the flex licenses are not used and nothing happens with them. When you need them, you activate them and when you no longer need them you stop the activation. They track the number of days that they are activated and are good for only a specific number of days. When the number of days of activation is exceeded the licenses expire and you need to purchase more licenses.

I have heard that in a future release of code for the ASA there will be support for sharing licenses between ASAs. I do not know details of it, but I believe that this is the solution that you (and I) really want to deal with failover situations.

HTH

Rick