First, 192.168.15.0/21 (255.255.248.0) isn't the proper way to name this network, it's actually 192.168.8.0/21 (255.255.248.0), ranging from 192.168.8.0 - 192.168.15.255.
Second, there is no real security between the two subnets if they are on the same switch/VLAN on the switch as indicated in your diagram, or if the wifi AP on subnet A simply has a drop into the switch on subnet B from an AP port that isn't configured to be on a different VLAN.
If, on any client device, you add a zero metric route for subnet B on subnet A, and do the reverse on subnet B (add a zero metric route for subnet A on subnet B), the systems will see themselves as being connected to both networks. Traffic from that system to the other subnet will just use ARP and send directly to the other subnet, bypassing any layer 3 devices (routers, l3 firewalls), and communicating directly.
For instance, if on a linux host on subnet B, you did something like:
ip route add 192.168.86.0/24 metric 0 dev eth0
The linux host would try to send packets directly to nodes on subnet A by ARPing. Obviously if you are depending on the firewall or routers to provide some sort of security between the two subnets this would defeat it.
Now that that's out of the way, this is a fairly simple IP routing problem. You need a route on the default gateway for subnet A which points to a valid gateway for 192.168.86.0/24 (subnet B). You need a route on the default gateway for subnet B which points to a valid gateway for 192.168.8.0/21 (subnet A). A valid gateway is a router which is directly reachable from the source router/gateway, which knows how to get to the destination network, either by having a next-hop route, or being directly connected to the destination network.
Once this is established, you must make sure that any firewalls are not blocking traffic between the subnets. Windows Firewall has fairly strict rules by default. If it's enabled, it's almost certainly blocking traffic in some way between the two subnets. If the AP's drop on subnet B is layer 3 (e.g., a VLAN port not just another switch port), then its firewall (presuming it has one) could also be blocking traffic.
Overall, you may want to take a look at this network architecture and come up with something a bit more sane. For instance, you should likely have a router in the center, not just a switch. If it's a l3 switch, you can simply separate the ports onto different VLANs and have the switch act as the core router between the two subnets, get rid of the drop from the AP into subnet A, and let the router do the routing.