
Multi Context VPN Resource Management

neteng2323
Level 1

Our shop does not utilize many AnyConnect sessions or S2S VPN tunnels. However, we do have an ASA running in Multi Context mode that we will be utilizing for these 2 functions. My question is pretty basic, in that I know by default VPN resources are disabled and require a resource class to be set up. We have 20K AnyConnect Peers and 20K VPN Other (s2s) licenses available. We will be creating 5 different contexts for our various s2s and AnyConnect function. Some will be used for s2s and some AnyConnect. Should I create one big resource class and make each context a member, or break it up into AnyConnect and S2S resource classes? If I create one big class, will each context basically share the resources of that class? Do the classes have to divide up the resources to the total of licenses?

When I say we don't utilize these services much, I mean we won't even be touching 100-200 AnyConnect sessions or s2s tunnels across all contexts combined, much less 20K.

Thanks

1 Accepted Solution


neteng2323
Level 1

Found my answer for the most part. Basically, you just can't exceed the appliance limitation or license limit when you allocate a resource class to a context. So if you are licensed for 5000 AnyConnect peers and create class anyconnect with a limit of 2500, you can only apply that to 2 contexts. VPN bursts can be used for oversubscription and sharing between contexts, but not AnyConnect or VPN other resources.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa95/configuration/general/asa-95-general-config/ha-contexts.html#ID-2171-000001d3
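The allocation rule from the accepted answer, laid out for the five-context case in the question. This is an added example, not configuration from the original post or from Cisco's guide: the class names, context names and limit values are hypothetical, it assumes a release that supports AnyConnect in multiple context mode, and the context stanzas show only the `member` line.

```cisco
! Added example. Entered from the system execution space.
! Class names, context names and numbers are hypothetical, sized for the
! "100-200 sessions across all contexts" figure in the question.
!
! One class per function, so a site-to-site context holds no AnyConnect
! guarantee and an AnyConnect context holds no site-to-site guarantee.
class ravpn
  limit-resource vpn anyconnect 100
  limit-resource vpn burst anyconnect 50
!
class s2s
  limit-resource vpn other 50
  limit-resource vpn burst other 25
!
! Each member context gets the class limit for itself; the limit is not a
! pool divided among the members.
context ra-a
  member ravpn
context ra-b
  member ravpn
context s2s-a
  member s2s
context s2s-b
  member s2s
context s2s-c
  member s2s
!
! Guaranteed totals that must fit the license and platform maximum
! (20000 AnyConnect and 20000 Other in the question):
!   vpn anyconnect: 2 contexts x 100 = 200
!   vpn other:      3 contexts x 50  = 150
! The burst lines are the part the answer describes as usable for
! oversubscription and sharing between contexts.
!
! Check what has been allocated and what each context is using:
show resource allocation
show resource usage context ra-a
```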
