Seems that I was able to sort it out.
By monitoring the logs, and actually it was the performance logs that helped in this respect - I was able to track it down to xauth issues. Somebody modified the default server group for the VPN auth profile, and a Radius server had priority there which - of course was not able to authenticate the RAP by its MAC as username and password.
I set up a RAP-109 in the office, and tweak the system, until it started to work. There was of course another mistake in the AP system profile, as during one of the tests I entered there a VRRP address of the cluster. By removing that the RAP went up and started to work.
So thanks for the assistance case can be considered solved. :-)