diff --git a/bootstrap/tasks/validation/net.yaml b/bootstrap/tasks/validation/net.yaml
index 98f81b12087..96462a7ff11 100644
--- a/bootstrap/tasks/validation/net.yaml
+++ b/bootstrap/tasks/validation/net.yaml
@@ -1,4 +1,11 @@
 ---
+- name: Set reachable address
+  set_fact:
+    current_address: "{{ item.external_address | default(item.address) }}"
+    loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+    loop_control:
+      label: "{{ item.address }}"
+
 - name: Verify master node count
   ansible.builtin.assert:
     that:
@@ -142,16 +149,17 @@
     fail_msg: Node address {{ item.address }} is not within {{ bootstrap_node_cidr }}.
     quiet: true
   loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
+  when: item.external_address is not defined
   loop_control:
      label: "{{ item.address }}"
 
 - name: Verify SSH port is reachable
   ansible.builtin.wait_for:
-    host: "{{ item.address }}"
+    host: "{{ current_address }}"
     port: 22
     search_regex: OpenSSH
     timeout: 10
   connection: local
   loop: "{{ bootstrap_nodes.master + bootstrap_nodes.worker | default([]) }}"
   loop_control:
-     label: "{{ item.address }}"
+     label: "{{ current_address }}"
diff --git a/bootstrap/templates/ansible/inventory/hosts.yaml.j2 b/bootstrap/templates/ansible/inventory/hosts.yaml.j2
index 4499a022948..028c3af5d7e 100644
--- a/bootstrap/templates/ansible/inventory/hosts.yaml.j2
+++ b/bootstrap/templates/ansible/inventory/hosts.yaml.j2
@@ -7,7 +7,11 @@ kubernetes:
       {% for item in bootstrap_nodes.master %}
         {{ item.name }}:
           ansible_user: {{ item.username }}
+      {% if item.external_address is defined %}
+          ansible_host: {{ item.external_address }}
+      {% else %}
           ansible_host: {{ item.address }}
+      {% endif %}
       {% endfor %}
     {% if bootstrap_nodes.worker | default([]) | length > 0 %}
     worker:
@@ -15,6 +19,10 @@ kubernetes:
       {% for item in bootstrap_nodes.worker %}
         {{ item.name }}:
           ansible_user: {{ item.username }}
+      {% if item.external_address is defined %}
+          ansible_host: {{ item.external_address }}
+      {% else %}
           ansible_host: {{ item.address }}
+      {% endif %}
       {% endfor %}
     {% endif %}
diff --git a/bootstrap/vars/config.sample.yaml b/bootstrap/vars/config.sample.yaml
index 56aa8821235..b7e98b12b76 100644
--- a/bootstrap/vars/config.sample.yaml
+++ b/bootstrap/vars/config.sample.yaml
@@ -62,12 +62,14 @@ bootstrap_nodes:
   master:
     # - name:     # name of the master node (must match [a-z0-9-]+)
     #   address:  # ip address of the master node
+    #   external_address: # ONLY when SSH is not reachable on the IP specified in address field.
     #   username: # ssh username of the master node
     #   password: # password of ssh username for the master node
     # ...
   worker: # set to [] or omit if no workers are needed
     # - name:     # name of the worker node (must match [a-z0-9-]+)
     #   address:  # ip address of the worker node
+    #   external_address: # ONLY when SSH is not reachable on the IP specified in address field.
     #   username: # ssh username of the worker node
     #   password: # password of ssh username for the worker node
     # ...