Well,it totally depends on the type of mode that the TCP Intercept feature has been configured in.As fo now tehre are two modes:-
1. Intercept mode (the default)
2. Watch mode (configurable)
In the intercept mode,the router functioning as an "IOS firewall" will intercept,so to speak,any TCP connections towards your server and the 3-way handshake will be attempted to be formed between the IOS firewall(router).If established,the connection details are forwarded to the actual server,thereby protecting your server from an immmediate attack.
However,in doing so,if your router acting as an IOS firewall is rather low-end then it would not be able to handle too many proxy connections and hence you have the drop mode feature wherein you can decide on what method to drop the already established connections so as to reserver spave to either form new ones or attempt to form new ones.This can be achieved so by