Hi,

Well if you are willing to update the ASA to 9.x software level (which might easily be a deal breaker in some cases) then you are able to use L2L VPN even in Multiple Context Mode

VPN Client, however, is still NOT possible in Multiple Context Mode

Source:

http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html

Found in the New Feature section

There ASA naturally doesnt need any module to be able to do IPsec VPN. The limitation in your case comes from the fact that you are running the ASA model in Multiple Context mode and probably with an older software. As I mention above, with the newer software levels, Cisco added support for L2L VPN even in Multiple Context mode.

For many people doing software jump from older to the very new will become troublesome since when updating from 8.2 to 8.3 or anything newer the NAT configuration will change completely and along with it the ACL format also a bit.

In some cases the software upgrade might also require RAM memory update to the device since the new softwares of 8.3 and above require more memory from the ASA unit.

- Jouni

All ASAs have an onboard VPN-module, so there is nothing you need to buy. But you need at minimum the software version 9.0 where site-to-site VPNs were introduced to multiple context mode:

http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html#wp586890

Remote-Access VPNs are still not supported in multiple context.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni