I'm not sure if I have every used the command you are using in your example. Is it related to using an external server for the filtering?
There is though an option to use FQDN on the access-list if you are running atleast 8.4(2) on the ASA
For example a Facebook block could be configured like this
dns domain-lookup outside
DNS server-group DefaultDNS
object network FACEBOOK-FQDN
access-list INSIDE-IN remark Block Facebook
access-list INSIDE-IN extended deny ip any object FACEBOOK-FQDN
Then again the above configuration would not completely block Facebook for example since the destination address keeps changing. (Would have to resort to dropping the HTTP connections, dropping the DNS replys, dropping the traffic on the basis of the destination IP address etc.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...