Problem with VPN site-to-site, app container in a subnet in a vnet peering
I have a small problem with the VPN tunnel that was configured with the Virtual Network Gateway resource.
I have 3 resource groups, the GLOBAL resource group is where the Virtual Network Gateway is hosted and it is linked to the 2 resource groups RG-A and RG-B in Hub-Spoke mode.
The tunnel allows me to connect from my on-premise site and I access the elements in the RG-GLOBAL and the resource groups RG-A and RG-B that are within the DEFAULT subnet.
I created a VM in each resource group to confirm connectivity in each subnet, but note that I only access the resources if they are within the default subnet. If they belong to another subnet, the resource becomes inaccessible.
For example, my App Containers are in the infrastructure subnet. And I cannot access them from my on-premise site; but if I put them in the default subnet, access is possible.
What do I need to configure so that, without changing the subnet, the resources are accessible from my on-premise site?