It's really hard to give an accurate answer on this. The VPN module will take the encryption load off the main router CPU and do it on the module, freeing up the router CPU for other important tasks like routing of packets and EIGRP, etc. If you don't have one, and the CPU load on the router is at an acceptable level for you, then everything should run fine without it.
The trouble is as the encryption traffic rate rises, so will the CPU utilization on the router. You have to think about the business cost of having one or more of these remote sites down or degraded because the CPU load is too high. Will that end up costing you more than 70-90K in the long run? It's really up to you, without knowing the traffic ratios you're going to have and what you deem as "acceptable" response times, we really can't give an exact answer. Think about the business cost of a degraded network though and that might help your decision.
You don't even have to have VPN modules in all of them, if you suspect that some will have higher traffic rates than others then purchase modules for those sites and monitor the others closely. Maybe don't purchase any just now but factor it into your budget just in case and monitor all the routers closely and see how you go.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :