You possibly could, but now you're exposing RDP to the Internet (another protocol unsuitable to be exposed). The safest (and most standard) way of accessing sensitive internal network infrastructure (such as ESXi/vSphere) is via VPN, and that's what I would recommend here.