There is not a way to use a domain name in a firewall rule. When the traffic comes in the packets are addressed with IPs, not with domain names, so when the router looks things up it compares IP addresses.
In fact I have never seen this done, even on an enterprise device. I'm not saying nothing can do it, but it definitely isn't possible with the ISA.
Your best bet would be to try and get some static IPs for those two sites as well.
It is however possible to setup site-to-site VPNs between these devices even if some of them are using DDNS. This does require those other site's routers to support site-to-site tunnels. That way those four sites would be able to access resources behind the ISA, but no one else would, and you could still keep using the DDNS for the two dynamic sites.
Thank you for choosing Cisco,
Network Support Engineer - Cisco Small Business Support Center
Reboot and Factory Default Reset on ISA500 Series Integrated Security Appliances
Reboot or restart of the network device is made when certain changes in the settings need reboot or if the device is frozen. The configuration...
WAN Quality of Service (QoS) Policy Profiles Settings on ISA500 Series Integrated Security Appliances
Wide Area Network (WAN) Quality of Service (QoS) policy profiles manage traffic through classed-based profiles. These pro...
Cisco QuickVPN Installation Tips for Windows Operating Systems
For a video showing installation tips on Quick VPN, visit http://youtu.be/hHu2z6A78N8
Cisco QuickVPN is a free software designed for remote access to a ne...