I do understand what is access-list and why should i use it but i'm not sure about ip access-group on the interface to WAN.
In my case i have access-list on 1841 router along with relevant ip access-group on the wan interface. If i need to add additional access-list for example to allow traffic on different tunnel i have to create access-list but i can't add another ip access-group on the interface .
what should I do ?
hope my question is clear
Yes, you just keep adding lines. Be careful though as you need to be aware that once a match is made in the access-list no further processing is done so you need to make sure the order of lines in your access-list allows or denies traffic in the right order.