Regarding question 1 on mobile device licensing
Per your comment below, I did a couple tests on our ASA5525-X which has Essentials/Mobile licenses. I was indeed able to limit access using Dynamic Access Policies. I setup a test policy allowing only iOS devices on iPad2,7 models to connect in a new policy. Then I setup the default policy to terminate sessions. This worked and allowed my Verizon iPad Mini to connect but not my iPhone. Here is the license breakdown:
Session Type: AnyConnect
Username : <user> Index : 40
Assigned IP : 10.10.121.1 Public IP : 70.194.2.165
Protocol : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License : AnyConnect Essentials, AnyConnect for Mobile
Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)RC4 DTLS-Tunnel: (1)AES128
Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA1 DTLS-Tunnel: (1)SHA1
Bytes Tx : 3200 Bytes Rx : 940
Group Policy : anyconnect-split-policy
Tunnel Group : anyconnect-split-group
Login Time : 11:46:24 EDT Fri Jun 7 2013
Duration : 0h:01m:52s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
Note: When configuring these settings, if you don't have the "Apply" button highlight afterwards, you will need to do something in ASDM that will activate the button and allow you to click it. None of the DAP settings for AnyConnect specifics would apply automatically nor trigger the Apply button so I could apply the settings. I had to go modify another setting, click apply, modify the setting back, click apply. This was using ASDM 7.1 on a 9.1.2 ASA5525-X.
Regarding question 2 on the licensing:
There are no client-side licensing options that I am aware of. The only license not necessarily tied to the ASA directly is the AnyConnect Premium which may be pulled off of a "server" ASA with a pool of session licenses for multiple "client" ASAs. In the end, they're applied to an ASA still.
Source:http://www.cisco.com/en/US/docs/security/asa/asa91/license/license_management/license.html
You can do a write mem all:
Saving All Context Configurations at the Same Time
To save all context configurations at the same time, as well as the
system configuration, enter the following command in the system
execution space:
Command Purpose write memory all [/noconfirm] Example: hostname# write
memory all /noconfirm Saves the running configuration to the startup
configuration for all contexts and the system configuration.
If you do not enter the /noconfirm keyword, you see the following
prompt:
Are you sure [Y/N]: After you enter Y, the ASA saves the system
configuration and each context. Context startup configurations can
reside on external servers. In this case, the ASA saves the
configuration back to the server you identified in the context URL,
except for an HTTP or HTTPS URL, which do not let you save the
configuration to the server.
http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/intro_start.html
Best Answer
Give a short enough config set, reconfiguring by hand should be an acceptable option. You could even take your existing config and try to implement it again via the ASDM to see what the new GUI returns.
If your config is multiple pages or has a large number of objects, it might be best to implement it on a test box to see what comes back as an error message before putting it into production.
Unlike the PIX-to-ASA migration, Cisco never released a sanity check tool.