To deny all TCP traffic to these networks (or any network for that matter) from the inside interface is a bit strange, does it have to be just TCP and not all IP? If it can be all IP traffic, do the following:
> access-list 100 deny ip 10.10.0.0 255.255.0.0 any
> access-list 100 deny ip 10.11.0.0 255.255.0.0 any
> access-list 100 permit ip any any
> access-group 100 in interface inside
If it just has to be TCP traffic only, you have to specify what ports you want, so you'd do something like the following:
> access-list 100 deny tcp 10.10.0.0 255.255.0.0 any range 1 65535
> access-list 100 deny tcp 10.11.0.0 255.255.0.0 any range 1 65535
> access-list 100 permit ip any any
Keep in mind there's always an implicit "deny everything" at the end of an ACL, so if you just added in the two "deny" lines that you specified, there'd also be a "deny any any" at the end of that and you'll end up denying all access.