Since the remote site doesn't have its own dedicated Internet, you should be able to accomplish this by putting a Layer 3 switch at the remote site, a firewall isn't needed necessarily. I have a similar setup: at my remote site I have an MX84, but this site has its own dedicated internet, so I plug the Internet connection(s) into the Internet ports. The MPLS is plugged into port LAN port 10, and I have static routes configured to route voice traffic back to HQ over the MPLS. I'm using the MX84 as my MPLS connection because I don't have a Layer 3 switch there (yet). I'm not saying that you can't use the MX65, you just probably won't need to use the Internet ports to accomplish what you're trying to do.
... View more