Hi ISO
Yes it is possible but you'll need to have the VPN client on the mobile device (E.g; Cisco Anyconnect) that establishes a secure VPN tunnel with your endpoint.
But to be honest that's not the best architecture moving forward...
The way to do this is typically create a public (https) WX or webservice endpoint in the cloud that provides secured access via e.g. oAuth2 and/or double authentification and from there on set-up a VPC to your internal infrastructure if needed. That will prevent having your mobile devices to require a local VPN client to be installed and connected first before being able to use the app.
It all depends on the flexibility you want, the amount of devices at play and the geographical spread for example...
Just my 2 cents
Peter Holemans