diff --git a/physical/consul/consul.go b/physical/consul/consul.go index 4609d9eff4..f479782baf 100644 --- a/physical/consul/consul.go +++ b/physical/consul/consul.go @@ -92,6 +92,7 @@ type ConsulBackend struct { redirectPort int64 serviceName string serviceTags []string + serviceAddress *string disableRegistration bool checkTimeout time.Duration consistencyMode string @@ -150,11 +151,20 @@ func NewConsulBackend(conf map[string]string, logger log.Logger) (physical.Backe // Get the additional tags to attach to the registered service name tags := conf["service_tags"] - if logger.IsDebug() { logger.Debug("physical/consul: config service_tags set", "service_tags", tags) } + // Get the service-specific address to override the use of the HA redirect address + var serviceAddr *string + serviceAddrStr, ok := conf["service_address"] + if ok { + serviceAddr = &serviceAddrStr + } + if logger.IsDebug() { + logger.Debug("physical/consul: config service_address set", "service_address", serviceAddr) + } + checkTimeout := defaultCheckTimeout checkTimeoutStr, ok := conf["check_timeout"] if ok { @@ -247,6 +257,7 @@ func NewConsulBackend(conf map[string]string, logger log.Logger) (physical.Backe permitPool: physical.NewPermitPool(maxParInt), serviceName: service, serviceTags: strutil.ParseDedupLowercaseAndSortStrings(tags, ","), + serviceAddress: serviceAddr, checkTimeout: checkTimeout, disableRegistration: disableRegistration, consistencyMode: consistencyMode, 
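Review bot: The added debug call in NewConsulBackend passes `serviceAddr`, a `*string`, as the logged value and runs whether or not `service_address` was present in the config. Depending on how the logger formats pointers, the entry probably shows a pointer or nil rather than the configured address, and it says the option was "set" even when it was absent. Logging the string inside the `if ok` branch keeps the record of what will be advertised to Consul accurate: `logger.Debug("physical/consul: config service_address set", "service_address", serviceAddrStr)`, still under the `logger.IsDebug()` guard. NewConsulBackend's body starts and ends outside the hunk.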
@@ -726,12 +737,21 @@ func (c *ConsulBackend) reconcileConsul(registeredServiceID string, activeFunc p return serviceID, nil } + // If service address was set explicitly in configuration, use that + // as the service-specific address instead of the HA redirect address. + var serviceAddress string + if c.serviceAddress == nil { + serviceAddress = c.redirectHost + } else { + serviceAddress = *c.serviceAddress + } + service := &api.AgentServiceRegistration{ ID: serviceID, Name: c.serviceName, Tags: tags, Port: int(c.redirectPort), - Address: c.redirectHost, + Address: serviceAddress, EnableTagOverride: false, } diff --git a/physical/consul/consul_test.go b/physical/consul/consul_test.go index 8be1fe956d..7b1d1f4dc8 100644 --- a/physical/consul/consul_test.go +++ b/physical/consul/consul_test.go @@ -117,6 +117,51 @@ func TestConsul_ServiceTags(t *testing.T) { } } +func TestConsul_ServiceAddress(t *testing.T) { + tests := []struct { + consulConfig map[string]string + serviceAddrNil bool + }{ + { + consulConfig: map[string]string{ + "service_address": "", + }, + }, + { + consulConfig: map[string]string{ + "service_address": "vault.example.com", + }, + }, + { + serviceAddrNil: true, + }, + } + + for _, test := range tests { + logger := logformat.NewVaultLogger(log.LevelTrace) + + be, err := NewConsulBackend(test.consulConfig, logger) + if err != nil { + t.Fatalf("expected Consul to initialize: %v", err) + } + + c, ok := be.(*ConsulBackend) + if !ok { + t.Fatalf("Expected ConsulBackend") + } + + if test.serviceAddrNil { + if c.serviceAddress != nil { + t.Fatalf("expected service address to be nil") + } + } else { + if c.serviceAddress == nil { + t.Fatalf("did not expect service address to be nil") + } + } + } +} + func TestConsul_newConsulBackend(t *testing.T) { tests := []struct { name string diff --git a/website/source/docs/configuration/storage/consul.html.md b/website/source/docs/configuration/storage/consul.html.md index b8f0ac3510..e327fe3696 100644 
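Review bot: The configured `service_address` is copied verbatim into `Address` of the `api.AgentServiceRegistration`, while `Port` still comes from `c.redirectPort`. A value with stray whitespace or a URL scheme, or a host that is not reachable on the redirect port, is therefore advertised to every client that resolves Vault through Consul. Nothing visible in this diff validates the string. A check at parse time in NewConsulBackend would fail fast instead, for example `serviceAddrStr = strings.TrimSpace(serviceAddrStr)` followed by rejecting values that contain `://`. The comment above the branch could also record that the empty string is a deliberate value: `// "" is a valid override: Consul then falls back to the address of the node the service is registered on.` reconcileConsul's body starts and ends outside the hunk.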
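Review bot: TestConsul_ServiceAddress only checks whether `c.serviceAddress` is nil, so a regression that stores the wrong string, or confuses `""` with `"vault.example.com"`, would still pass. The feature depends on exactly that distinction. In the non-nil branch add `if *c.serviceAddress != test.consulConfig["service_address"] { t.Fatalf("unexpected service address %q", *c.serviceAddress) }`. The test also never reaches reconcileConsul, so the fallback to `c.redirectHost` and the value placed in the registration's `Address` are not covered by anything visible here.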
--- a/website/source/docs/configuration/storage/consul.html.md +++ b/website/source/docs/configuration/storage/consul.html.md @@ -86,6 +86,14 @@ at Consul's service discovery layer. - `service_tags` `(string: "")` – Specifies a comma-separated list of tags to attach to the service registration in Consul. +- `service_address` `(string: nil)` – Specifies a service-specific address to + set on the service registration in Consul. If unset, Vault will use what it + knows to be the HA redirect address - which is usually desirable. Setting + this parameter to `""` will tell Consul to leverage the configuration of the + node the service is registered on dynamically. This could be beneficial if + you intend to leverage Consul's + [`translate_wan_addrs`](consul-translate-wan-addrs) parameter. + - `token` `(string: "")` – Specifies the [Consul ACL token][consul-acl] with permission to read and write from the `path` in Consul's key-value store. This is **not** a Vault token. See the ACL section below for help. @@ -216,3 +224,4 @@ storage "consul" { [consul-acl]: https://www.consul.io/docs/guides/acl.html "Consul ACLs" [consul-consistency]: https://www.consul.io/api/index.html#consistency-modes "Consul Consistency Modes" [consul-encryption]: https://www.consul.io/docs/agent/encryption.html "Consul Encryption" +[consul-translate-wan-addrs]: https://www.consul.io/docs/agent/options.html#translate_wan_addrs "Consul Configuration"