A company has set up Amazon EC2 instances within a VPC to host servers accessible by external vendors via the internet. Recently, a new application was deployed on EC2 instances in a different CIDR range, and the company aims to grant vendors access to this new application. Despite confirming that the relevant security groups and network ACLs permit the necessary inbound ports, vendors are unable to connect to the application. What action should be taken to enable vendor access to the new application?