VPN

How can I find out which firewall rule is blocking access to other subnets?

Good time of the day!
There are two offices, and VPN works between them.
In office A, the network is 192.168.11.0/24 and the vpn server is running with its service subnet 10.1.2.3.0/24
. In office B, the network 192.168.12.0/24 is configured on the router with a VPN client, and everything works fine.
Recently, the flow of VPN traffic has increased, and I had to move the client in office B to a separate VPN host.
The client has ip 192.168.12.20/24, indicated a static route to network A on the gateway.
There was a problem in office B. Linux hosts work without problems with the office A network, but Windows machines stubbornly refuse to go to network A. Practically, I found out that if you turn off the firewall, then Windows machines begin to interact with office A.
The topic is probably not new, but I could not find a similar question.
How can I find out which firewall rule is blocking access to Network A?