See, your voice is working perfectly because you are using only one router for your Voice VLAN: the MPLS router.
For your data, you have two routers: your default GW plus your MPLS router, and the firewall comes into it as well.
If I were approaching this from scratch, this is how I would proceed:
1/ First I would choose whether I want my router on the network, or rely on the MPLS router on each site to provide routing and inter-VLAN routing. There can be arguments either way.
2/ Assuming you want control over your inter-VLAN routing on each site, then you want each site to have a layer-3 "core" switch. You now need to draw in each network as a separate segment:
a) Local LAN segment
b) WAN gateway segment
and for SiteA only,
c) Internet gateway segment
The "core" switch is the gateway/router between all these segments.
So (for example SiteA) you create 4 VLANs:
10: LAN DATA
20: LAN VOICE
30: WAN GW
40: WWW GW
You create a layer-3 VLAN interface for each VLAN.
Int VLAN 10: 192.168.1.22
Int VLAN 20: 10.10.2.254
Int VLAN 30: 10.99.1.2
Int VLAN 40: 10.99.2.2
You re-address the MPLS router with a single IP address (get rid of subinterfaces) of 10.99.1.1
and the Internet firewall with 10.99.2.1
You then need routes on your switch:
0.0.0.0/0 --> 10.99.2.1
10.14.2.0/24 --> 10.99.1.1
192.168.4.0/24 --> 10.99.1.1
Your firewall needs sensible routes to match:
0.0.0.0/0 --> ?ISP
10.0.0.0/8 --> 10.99.2.2
192.168.0.0/16 --> 10.99.2.2
Your MPLS router needs sensible routes:
0.0.0.0/0 --> 10.99.1.2
10.14.2.0/24 --> ?MPLS provider(-->SiteB)
192.168.4.0/24 --> ?MPLS provider(-->SiteB)
Site B is similar minus VLAN40, the core having just a default route pointing at the MPLS router, and that router having a default pointing back to SiteA and specific routes pointing at the local core for the two local LAN segments.
