A developer uses a BGP-based AWS VPN to connect on-premises to EC2 instances within the same VPC. The developer can access an instance in subnet A but not in subnet B. What logs should be reviewed to check traffic reaching subnet B?