This configuration is working very well now, including the mentioned workaround, to send mail via ISPConfig and SMTP, and receive it via Google Apps and POP. As said, this prevents loading too much a small VPS with spam filtering, etc.
The alias validation is still in progress, but everything is working already after DNS propagated (the subdomain alias needed its own MX records from Google). Now, for each mail account in Google Apps, there is a forward in ISPConfig to its subdomain alias, to fix the problem with internal mail. In my tests, mail forward worked better than routing for this. I added also an empty mailbox firstname.lastname@example.org in ISPConfig, just to configure the SMTP user in mail clients such as Thunderbird. So far, so good.