diff --git a/doc/source/reference/inventory/configure-inventory.rst b/doc/source/reference/inventory/configure-inventory.rst
index 97a8d29e6c..43c754e75c 100644
--- a/doc/source/reference/inventory/configure-inventory.rst
+++ b/doc/source/reference/inventory/configure-inventory.rst
@@ -340,3 +340,25 @@ To omit a component from a deployment, you can use one of several options:
   you specify the component to run directly on a host by using the ``is_metal``
   property, a container is created for this component.
 
+
+Having SSH network different from OpenStack Management network
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In some environments SSH network that is used to access nodes from deploy
+host and management network are different. In this case it's important that
+services were listening on correct network while ensure that Ansible use SSH
+network for accessing managed hosts. In these cases you can define
+``management_ip`` key while defining hosts in your ``openstack_user_config.yml``
+file.
+
+``management_ip`` will be used as ``management_address`` for the node, while
+``ip`` will be used as ``ansible_host`` for accessing node by SSH.
+
+Example:
+
+.. code-block:: yaml
+
+    shared-infra_hosts:
+      infra1:
+        ip: 192.168.0.101
+        management_ip: 172.29.236.101
diff --git a/osa_toolkit/generate.py b/osa_toolkit/generate.py
index 619f82dd46..42ca34c923 100755
--- a/osa_toolkit/generate.py
+++ b/osa_toolkit/generate.py
@@ -443,7 +443,8 @@ def user_defined_setup(config, inventory):
 
                 hvs[_key].update({
                     'ansible_host': _value['ip'],
-                    'management_address': _value['ip'],
+                    'management_address': _value.get(
+                        'management_ip', _value['ip']),
                     'is_metal': True,
                     'physical_host_group': key
                 })
@@ -657,6 +658,7 @@ def _add_additional_networks(key, inventory, ip_q, q_name, netmask, interface,
                 if address:
                     network['address'] = address
 
+            ansible_host_address = networks[old_address]['address']
             network['netmask'] = netmask
 
         elif is_metal:
@@ -671,10 +673,14 @@ def _add_additional_networks(key, inventory, ip_q, q_name, netmask, interface,
                     phg = user_config[cphg][container_host]
                 else:
                     phg = user_config[cphg][physical_host]
-                network['address'] = phg['ip']
+                ansible_host_address = phg['ip']
+                network['address'] = phg.get(
+                    'management_ip', ansible_host_address)
+        else:
+            ansible_host_address = networks[old_address]['address']
 
         if is_management_address is True:
-            container['ansible_host'] = networks[old_address]['address']
+            container['ansible_host'] = ansible_host_address
 
         if is_management_address is True:
             container['management_address'] = networks[old_address]['address']
diff --git a/releasenotes/notes/inventory_container_ip-18cd67e8476eba30.yaml b/releasenotes/notes/inventory_container_ip-18cd67e8476eba30.yaml
new file mode 100644
index 0000000000..0ca2dee480
--- /dev/null
+++ b/releasenotes/notes/inventory_container_ip-18cd67e8476eba30.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Added new ``management_ip`` option, that can be defined in conf.d or
+    openstack_user_config.yml files for hosts. It might be useful if SSH
+    network for accessing hosts differs from OpenStack management network.
+    Option ``management_ip`` should be set to an IP address that represents
+    management network on the host, while ``ip`` option remains to represent
+    SSH address that will be used to access host by Ansible.
diff --git a/tests/test_inventory.py b/tests/test_inventory.py
index ad9e4dbea2..4defa932ae 100644
--- a/tests/test_inventory.py
+++ b/tests/test_inventory.py
@@ -717,8 +717,11 @@ class TestConfigCheckBase(unittest.TestCase):
         user_defined_config[group][hostname]['ip'] = ip
         self.write_config()
 
-    def add_host(self, group, host_name, ip):
+    def add_host(self, group, host_name, ip, management_ip=None):
         self.user_defined_config[group][host_name] = {'ip': ip}
+        if management_ip:
+            self.user_defined_config[group][host_name].update(
+                {'management_ip': management_ip})
         self.write_config()
 
     def tearDown(self):
@@ -1387,6 +1390,19 @@ class TestLxcHosts(TestConfigCheckBase):
 
         self.assertEqual(set(original_lxc_hosts['hosts']), set(new_inventory['lxc_hosts']['hosts']))
 
+    def test_lxc_host_management_ip(self):
+        """
+        If ssh network != mgmt network, management_ip should appear in
+        management_network, while ansible_host leave for SSH connection as is
+        """
+        ansible_host_address = '172.20.0.101'
+        management_address = '172.29.236.101'
+        self.add_host('shared-infra_hosts', 'aio2', ansible_host_address, management_address)
+        inventory = get_inventory()
+        hostvars = inventory['_meta']['hostvars']['aio2']
+        self.assertEqual(ansible_host_address, hostvars['ansible_host'])
+        self.assertEqual(management_address, hostvars['management_address'])
+
 
 class TestConfigMatchesEnvironment(unittest.TestCase):
     def setUp(self):